offensive-tools/wireless/bluez/SKILL.md
BlueZ Bluetooth stack and CLI workflow for Linux, covering bluetoothctl-driven discovery, pairing, BLE inspection, and low-level troubleshooting utilities. Use when scanning Bluetooth Classic or BLE devices, validating adapter state, enumerating services/characteristics, or building Bluetooth reconnaissance workflows on Linux.
Install this skill globally with one command (works with Claude Code, Cursor, and Windsurf):

```
npx skillsauth add aeondave/malskill bluez
```
Linux Bluetooth stack and operator toolkit for Bluetooth Classic and BLE discovery, connection, and debugging.
Use BlueZ as the baseline Bluetooth skill when you need:
```
# verify controller state
bluetoothctl list
bluetoothctl show
```

```
# interactive discovery
bluetoothctl
[bluetooth]# power on
[bluetooth]# agent on
[bluetooth]# default-agent
[bluetooth]# scan on
```

The same scan started non-interactively:

```
bluetoothctl scan on
```

Pairing, trusting, and connecting to a discovered device:

```
bluetoothctl
[bluetooth]# pair AA:BB:CC:DD:EE:FF
[bluetooth]# trust AA:BB:CC:DD:EE:FF
[bluetooth]# connect AA:BB:CC:DD:EE:FF
```

Low-level HCI tracing:

```
btmon
```

Use btmon when pairing, advertising visibility, or GATT behavior is unclear.
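The workflow above assumes the adapter is actually listed, powered, and not already mid-scan before `scan on` is issued. As an added example (not part of this skill or of BlueZ itself), the POSIX shell helper below checks those preconditions by parsing the text that `bluetoothctl show` prints, using constructed sample output in the BlueZ 5.x layout so it runs on a host without a controller; the function names (`show_field`, `controller_addr`, `adapter_ready`) and the sample address are my own.

```sh
#!/bin/sh
# Added example, not part of the skill or of BlueZ: pre-flight checks over the
# text that `bluetoothctl show` prints, so a scan is only started when the
# adapter is really in the state the workflow assumes.

# Constructed samples in the BlueZ 5.x `bluetoothctl show` layout (real output
# indents the fields with a tab; awk's default field splitting handles either).
SAMPLE_OFF='Controller 00:11:22:33:44:55 lab-host [default]
    Name: lab-host
    Alias: lab-host
    Class: 0x001c010c
    Powered: no
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: yes
    Discovering: no'

SAMPLE_ON='Controller 00:11:22:33:44:55 lab-host [default]
    Name: lab-host
    Alias: lab-host
    Class: 0x001c010c
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: yes
    Discovering: no'

# show_field OUTPUT KEY: print the value of the "KEY: value" line, or nothing.
show_field() {
    printf '%s\n' "$1" | awk -v key="$2:" '$1 == key { print $2; exit }'
}

# controller_addr OUTPUT: the adapter address from the "Controller ..." line.
controller_addr() {
    printf '%s\n' "$1" | awk '$1 == "Controller" { print $2; exit }'
}

# adapter_ready OUTPUT: exit 0 when a controller is present, powered and not
# already scanning; otherwise exit 1 and name the bluetoothctl step to run.
adapter_ready() {
    out=$1
    addr=$(controller_addr "$out")
    if [ -z "$addr" ]; then
        echo "no controller listed: check 'bluetoothctl list' and rfkill"
        return 1
    fi
    if [ "$(show_field "$out" Powered)" != "yes" ]; then
        echo "adapter $addr is powered off: run 'power on' first"
        return 1
    fi
    if [ "$(show_field "$out" Discovering)" = "yes" ]; then
        echo "adapter $addr is already discovering: 'scan off' before a new scan"
        return 1
    fi
    echo "adapter $addr ready (pairable: $(show_field "$out" Pairable))"
    return 0
}

# Demonstration: the constructed samples first, then the live controller when
# bluetoothctl is installed on this host.
for sample in "$SAMPLE_OFF" "$SAMPLE_ON"; do
    if adapter_ready "$sample"; then echo "-> OK to run 'scan on'"; fi
done
if command -v bluetoothctl >/dev/null 2>&1; then
    adapter_ready "$(bluetoothctl show)"
fi
```

Feeding the live output through `adapter_ready "$(bluetoothctl show)"` before an interactive session turns the usual "scan shows nothing" dead end into a concrete next step (power on, or stop the scan already running), and the same field parser works for `Discoverable` and `Pairable` when you need to confirm the adapter is not left exposed after the session.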
BlueZ is the foundation. Prefer it before niche scanners because:
Older, deprecated tooling such as gatttool may still appear in guides, but modern workflows should prefer the current BlueZ client tooling where possible.
| Skill | Best use |
|---|---|
| bluez | Core Linux Bluetooth discovery, pairing, monitoring |
| kismet | Passive multi-RF visibility including Bluetooth with supported hardware |
| sparrow-wifi | GUI/agent Bluetooth awareness plus Wi-Fi/HackRF/Ubertooth workflows |

| File | When to load |
|---|---|
| references/scan-read-debug-workflow.md | For bluetoothctl, BLE scanning, service inspection, and monitor-first debugging workflows |