RedFang
RedFang locates non-discoverable Bluetooth devices by brute forcing the last six bytes of the Bluetooth address and performing read_remote_name operations. It is a proof-of-concept tool for finding hidden Bluetooth devices.
Description
RedFang is a small proof-of-concept application designed to find non-discoverable Bluetooth devices. This is achieved by brute forcing the last six bytes of the Bluetooth address and executing a read_remote_name() operation. The tool was originally developed by Ollie Whitehouse with enhancements for threading by Simon Halsall and device info discovery by Stephen Kapp.
Use cases include Bluetooth security assessments where devices may have discoverability disabled, making them invisible to standard scanning tools. It supports scanning specific address ranges and outputting results to a log file. The tool assumes devices are on hci0 to hci(n) interfaces based on the number of threads.
RedFang is particularly useful in wireless penetration testing to identify hidden Bluetooth peripherals or devices that could be vulnerable to further attacks.
How It Works
RedFang brute forces the last six bytes of the Bluetooth device address within a specified range by attempting connections and performing read_remote_name() inquiries. It uses multiple threads across hci0 to hci(n) interfaces, where n is threads minus one. The default connect timeout is 10000, which can be adjusted. Addresses can be specified directly or using manufacturer prefixes listed with the -l option followed by the address tail.
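For anyone judging how much protection non-discoverable mode gives once an address prefix is known, the sketch below sizes a -r range and bounds the sweep time. It is an added example, not RedFang's own code. It assumes the 10000 default timeout is in milliseconds and that the range is divided into contiguous, near-equal slices per interface. The function names are hypothetical.

```python
import string

def parse_range(spec):
    """Parse 'START-END' as used with -r: two 12-hex-digit addresses."""
    start_s, sep, end_s = spec.partition("-")
    for part in (start_s, end_s):
        if len(part) != 12 or any(c not in string.hexdigits for c in part):
            raise ValueError(f"not a 12-hex-digit address: {part!r}")
    start, end = int(start_s, 16), int(end_s, 16)
    if start > end:
        raise ValueError("range start is above range end")
    return start, end

def fmt(addr):
    """Render a 48-bit integer as colon-separated address text."""
    text = f"{addr:012X}"
    return ":".join(text[i:i + 2] for i in range(0, 12, 2))

def split_across_interfaces(start, end, threads):
    """Assumed scheme: contiguous near-equal slices for hci0..hci(threads-1)."""
    if threads < 1:
        raise ValueError("need at least one thread")
    base, extra = divmod(end - start + 1, threads)
    slices, cursor = [], start
    for i in range(threads):
        size = base + (1 if i < extra else 0)
        if size:  # more threads than addresses leaves some interfaces idle
            slices.append((f"hci{i}", cursor, cursor + size - 1))
        cursor += size
    return slices

def worst_case_seconds(spec, threads=1, timeout_ms=10000):
    """Upper bound: no address answers, so every probe runs to the timeout.
    timeout_ms assumes the page's 10000 default is in milliseconds."""
    start, end = parse_range(spec)
    slices = split_across_interfaces(start, end, threads)
    return max(e - s + 1 for _, s, e in slices) * timeout_ms / 1000

if __name__ == "__main__":
    spec = "00803789EE76-00803789EEff"  # range from the page's examples
    for name, s, e in split_across_interfaces(*parse_range(spec), 4):
        print(f"{name}: {fmt(s)} .. {fmt(e)} ({e - s + 1} addresses)")
    for threads, timeout in ((1, 10000), (4, 10000), (1, 15000)):
        secs = worst_case_seconds(spec, threads, timeout)
        print(f"threads={threads} timeout={timeout}: up to {secs:.0f} s")
```

The bound is pessimistic because a device that answers returns before the timeout expires. It still shows that a range of a few hundred addresses is swept in minutes, while a full three-byte tail behind one manufacturer prefix takes years on a single interface.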
Installation
sudo apt install redfang
Flags
Examples
fang -r 00803789EE76-00803789EEff -s
fang -r 00803789EE76-00803789EEff
fang -o logfile.txt -r 00803789EE76-00803789EEff
fang -t 15000 -r 00803789EE76-00803789EEff
fang -h
fang -l
fang -r manf+EE76-EEff