RedFang is a small proof-of-concept application for finding non-discoverable Bluetooth devices. It does this by brute-forcing the last six (6) bytes of the device's Bluetooth address and calling read_remote_name() on each candidate address.

RedFang is a Linux-based tool made to find Bluetooth devices in undiscoverable mode. The technology is attributed to Ollie Whitehouse and a small tech enterprise called @stake. It was originally developed as a “proof-of-concept” research resource, and is now a common part of many Bluetooth security tutorials. RedFang uses a method called brute force to discover previously unknown Bluetooth locations.



fang [options]


   -r	range      i.e. 00803789EE76-00803789EEff
   -o	filename   Output Scan to Text Logfile
     	           An address can also be manf+nnnnnn, where manf
     	           is listed with the -l option and nnnnnn is the
     	           tail of the address. All addresses must be 12
     	           characters long
   -t	timeout    The connect timeout, this is 10000 by default
     	           Which is quick and yields results, increase for
   -n	num        The number of dongles
   -d	           Show debug information
   -s	           Perform Bluetooth Discovery
   -l	           Show device manufacturer codes

   -h              Display help


cyborg@cyborg:~$ sudo fang -r  D83C6976315E-D83C6976317E -s
redfang - the bluetooth hunter ver 2.5
(c)2003 @stake Inc
author:   Ollie Whitehouse <[email protected]>
enhanced: threads by Simon Halsall <[email protected]>
enhanced: device info discovery by Stephen Kapp <[email protected]>
Scanning 33 address(es)
Address range d8:3c:69:76:31:5e -> d8:3c:69:76:31:7e
Performing Bluetooth Discovery... Completed.
Discovered: ztrelian's phone [D8:3C:69:76:31:6E]
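
The range arithmetic behind the session above, as an added Python example that is not part of RedFang or of the original page: it parses a -r range, reproduces the address count and the printed bounds, and puts an upper bound on scan time, which shows how long non-discoverable mode holds up against this kind of search. The function names are hypothetical, and treating the -t value as milliseconds and splitting the range evenly across the -n dongles are assumptions; the manf+nnnnnn form is not handled.

```python
import re

# Hypothetical helper names; the range syntax follows the -r option shown above.
_ADDR = re.compile(r"^[0-9A-Fa-f]{12}$")


def parse_range(spec):
    """Parse 'START-END' (two 12-hex-digit addresses) into inclusive integers."""
    start, sep, end = spec.partition("-")
    if not sep or not _ADDR.match(start) or not _ADDR.match(end):
        raise ValueError("expected two 12-character hex addresses joined by '-'")
    lo, hi = int(start, 16), int(end, 16)
    if lo > hi:
        raise ValueError("range start is above range end")
    return lo, hi


def fmt(addr):
    """Render a 48-bit address as colon-separated lowercase hex."""
    raw = f"{addr:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def address_count(spec):
    lo, hi = parse_range(spec)
    return hi - lo + 1  # the range is inclusive on both ends


def worst_case_seconds(count, timeout_ms=10000, dongles=1):
    """Upper bound if every probe runs to the full timeout.

    Assumptions: -t is in milliseconds; -n dongles split the range evenly.
    """
    if dongles < 1:
        raise ValueError("need at least one dongle")
    per_dongle = -(-count // dongles)  # ceiling division
    return per_dongle * timeout_ms / 1000.0


if __name__ == "__main__":
    spec = "D83C6976315E-D83C6976317E"  # range from the session above
    lo, hi = parse_range(spec)
    n = address_count(spec)
    print(f"{n} address(es): {fmt(lo)} -> {fmt(hi)}")
    print(f"worst case, 1 dongle: {worst_case_seconds(n):.0f} s")
    # Whole nnnnnn tail (24 bits) behind one known manufacturer prefix:
    days = worst_case_seconds(1 << 24, dongles=8) / 86400
    print(f"full tail, 8 dongles: {days:.0f} days")
```

Under these assumptions a narrow range like the one above finishes in minutes, while the full tail behind a single manufacturer prefix takes months even with eight dongles, so the practical exposure depends on how far the candidate range can be narrowed first.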

©2018 Ztrela Knowledge Solutions Pvt. Ltd
