Last Updated: 05/24/12


CavitySearch (as in teeth) is a Bash script which utilizes several methods of assessing the capabilities of Bluetooth devices. Most of the information can be gathered without pairing with the target device or alerting the end user. CavitySearch will report running services, Device Name, Device Address, Device Type, open RFCOMM Channels "ports", open L2CAP PSMs "ports", device manufacturer, supported protocols, and more. It is also able to help find "hidden" services running on the device.

Output from each part of the assessment is logged in a directory based on the Device Address of the target.


- profile.log - Aggrigation of information gathered.
- sdp.log - Service Dispovery Profile of available serices
- hciinfo.log - Supported Bluetooth protocols
- scan.log - Bluetooth identifiers
- psmscan.log - Open L2CAP PSMs "Ports"
- rfcommscan.log - Open RFCOMM Channels "Ports"


Name: CavitySearch
Download: Click Here


# make
# make install

- gcc
- blueZ
- libbluetooth
- timeout
- grep
- sed
- awk
- cat
- echo


Provide the local interface and Device Address of the device you are want to assess.

# cavitysearch hci0 11:22:33:44:55:66
Gathering device info into 11_22_33_44_55_66/hciinfo.log ...
Gathering device scan info 11_22_33_44_55_66/scan.log ...
Gathering SDP into 11_22_33_44_55_66/sdp.log ...
Gathering PSMs 1 - 101 into 11_22_33_44_55_66/psm.log ...
Gathering RFCOMMs 1 - 30 into 11_22_33_44_55_66/rfcomm.log ...
Generating profile in 11_22_33_44_55_66/profile.log ...
Logs saved in 11_22_33_44_55_66/ directory.