Skip to content

CLI usage

Jump to bottom
sgxgsx edited this page May 13, 2024 · 1 revision 
usage: bluekit [-h] [-t TARGET] [-l] [-c] [-ct] [-ch] [-v VERBOSITY] [-ex EXCLUDEEXPLOITS [EXCLUDEEXPLOITS ...]] [-e EXPLOITS [EXPLOITS ...]] [-r] [-re] [-rej] [-hh HARDWARE [HARDWARE ...]] ...

positional arguments:
  rest

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        target MAC address
  -l, --listexploits    List exploits or not
  -c, --checksetup      Check whether Braktooth is available and setup
  -ct, --checktarget    Check connectivity and availability of the target
  -ch, --checkpoint     Start from a checkpoint
  -v VERBOSITY, --verbosity VERBOSITY
                        Verbosity level
  -ex EXCLUDEEXPLOITS [EXCLUDEEXPLOITS ...], --excludeexploits EXCLUDEEXPLOITS [EXCLUDEEXPLOITS ...]
                        Exclude exploits, example --exclude exploit1, exploit2
  -e EXPLOITS [EXPLOITS ...], --exploits EXPLOITS [EXPLOITS ...]
                        Scan only for provided --exploits exploit1, exploit2; --exclude is not taken into account
  -r, --recon           Run a recon script
  -re, --report         Create a report for a target device
  -rej, --reportjson    Create a report for a target device
  -hh HARDWARE [HARDWARE ...], --hardware HARDWARE [HARDWARE ...]
                        Scan only for provided exploits based on hardware --hardware hardware1 hardware2; --exclude and --exploit are not taken into account

The toolkit could be used to collect reconnaissance information, run individual exploits, run all automated exploits, run specific exploits or exclude some, check the setup, list all available exploits as well as check target devices for availability and pairability. The toolkit has checkpoints which could be created during the execution if something goes wrong or a user wants to create one. Then the checkpoints could be used to continue the workflow from a certain point and finish running the exploits.

To get a taste of how to run them it's recommended to read (Exploitation workflow examples) to get workflow examples with specific commands and manual actions, and (a description of toolkit parameters) for a description of what each parameter is responsible for.

Python3 change

Toolkit relies on python3.10 which is installed during the installation process and a default python3 alias is changed to python3.10. To revert it execute the following command and pick the python3 installation you want:


sudo update-alternatives --config python3

Description of toolkit parameters

  • -t or --target - used to specify a target or victim device MAC address. Example: --target AA:BB:CC:AA:BB:CC
  • -l or --listexploits - used to tell the toolkit to list all available exploits with their metadata. Doesn't need any value. If specified the toolkit only lists the exploits and exists. Example: --listexploits
  • -c or --checksetup - used to tell the toolkit to check the setup of hardware profiles and list those that are available. Doesn't need any value. If specified the toolkit checks the setup of hardware profiles and lists them. Example: --checksetup
  • -ct or --checktarget - used to tell the toolkit to check the connectivity and availability of the target MAC address. Requires --target parameter to be set. Doesn't need any value. Returns whether the target MAC address is connectable and available. Example: --target AA:BB:CC:AA:BB:CC --checktarget
  • -ch or --checkpoint - used to tell the toolkit to lookup a checkpoint for the provided MAC address and if found load it and continue from the last stop. Doesn't need any value. Requires --target parameter to be set. Example: --target AA:BB:CC:AA:BB:CC --checkpoint
  • -v or --verbosity - specifies a verbosity level of the information provided to the user. Example: --target AA:BB:CC:AA:BB:CC --verbosity INFO
  • -e or --exploits - used to provide which exploit or exploits should be tested. Only these exploits would be tested. Requires --target parameter to be set. To specify 2 or more exploits one needs to list them one by one with a space as a delimiter. If set, --excludeexploits won't be taken into account. Example: --target AA:BB:CC:AA:BB:CC --exploit blueborne_CVE_2017_0785 blueborne_CVE_2017_1000250
  • -ex or --excludeexploits - used to provide which exploit or exploits should skipped during testing. The exploits provided with this parameter won't be tested. Requires --target parameter to be set. To specify 2 or more exploits one needs to list them one by one with a space as a delimiter. If --exploits is set, then this parameter won't be taken into account. Example: --target AA:BB:CC:AA:BB:CC --excludeexploits blueborne_CVE_2017_0785 blueborne_CVE_2017_1000250
  • -r or --recon - runs reconnaissance scripts on a target device. Requires --target parameter to be set. Example: --target AA:BB:CC:AA:BB:CC --recon
  • -re or --report - create a report based on the tests run on a target device. Requires --target parameter to be set. Example: --target AA:BB:CC:AA:BB:CC --report
  • -rej or -reportjson - create a report in JSON format. Example: --target AA:BB:CC:AA:BB:CC --reportjson
  • -hh or --hardware - use exploits only for a specific hardware. Example: --target AA:BB:CC:AA:BB:CC --hardware default
Clone this wiki locally