FAQ

Only against equipment you own or have explicit written authorization to test. Same legal model as Metasploit/Burp/RouterSploit. See Legal Disclaimer.

Does it work on Windows?

No. Windows doesn't expose the raw HCI socket interface BlueSploit relies on. Use Linux or macOS. WSL doesn't help unless you USB-passthrough a Bluetooth adapter.

Does it work on macOS?

Yes, for BLE-only modules (via bleak / CoreBluetooth). Classic-BT and raw-HCI modules are Linux-only and are auto-skipped on macOS.

Do I need root?

Most modules touching raw HCI (exploits, DoS, recon) need root. BLE-only modules using bleak usually don't.

Why do some installs fail with "externally-managed-environment"?

PEP 668. Use a venv or --break-system-packages. install.sh handles this automatically.

How do I add my own exploit module?

Drop a Python file under modules/exploits/ following Writing Modules. The loader picks it up on next launch.

Where are wordlists / signatures stored?

data/wordlists/, data/oui/, data/profiles/, data/signatures/. The 4-digit PIN list is generated by install.sh.

Why does --list show fewer modules than the README claims?

Some modules are platform-gated. On macOS you'll see fewer than on Linux because Classic-BT modules are skipped.

How do I capture BLE traffic?

Use auxiliary/nrf_sniffer (best), auxiliary/ubertooth_sniff, or auxiliary/btlejack_capture. See Hardware Setup.

Is there a Docker image?

Not officially yet. Building one is on the roadmap; contributions are welcome.

How is BlueSploit different from RouterSploit / Metasploit?

Same UX, but specifically for Bluetooth (Classic + BLE), with hardware backends for sniffers/SDRs and a vuln-scanner that maps fingerprints to known BT/BLE CVEs.

Where do I report vulnerabilities in BlueSploit itself?

Open a private security advisory on the GitHub repo, or email the maintainer listed in setup.py. Do not file public issues for security bugs.