菜单
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree framework to produce actionable remediation priorities.
SOC 2 Type II audit preparation involves designing, implementing, and demonstrating the operational effectiveness of controls aligned to the AICPA Trust Services Criteria (TSC) over a defined audit pe
UI/UX best practices for web interfaces. Use when reviewing animations, CSS, audio, typography, UX patterns, prefetching, or icon implementations. Covers 11 categories from animation principles to typography. Outputs file:line findings.
Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity and device posture verification with Cedar policy language.
Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute Engine, App Engine, Cloud Run, and GKE services using access levels, context-aware policies, and programmatic access with service accounts.
Configuring Zscaler Private Access (ZPA) to replace traditional VPN with zero trust network access by deploying App Connectors, defining application segments, configuring access policies based on user identity and device posture, and integrating with IdPs.
| name | performing-bluetooth-security-assessment |
| description | Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities |
| domain | cybersecurity |
| subdomain | wireless-security |
| tags | ["bluetooth","ble","gatt","wireless-security"] |
| version | 1.0 |
| author | mahipal |
| license | Apache-2.0 |
This skill covers performing Bluetooth Low Energy (BLE) security assessments using the Python bleak library. BLE devices are ubiquitous in IoT, healthcare, fitness, and smart home applications, and many ship with weak or absent security controls. This assessment identifies unencrypted GATT characteristics, devices broadcasting sensitive data, known vulnerable device fingerprints, and improperly secured pairing configurations.
The agent uses bleak's asyncio API to discover nearby BLE devices, connect to target devices, enumerate all GATT services and characteristics, and analyze security properties of each characteristic. It flags characteristics that allow unauthenticated read/write access to sensitive data and identifies devices matching known vulnerable profiles.
pip install bleak)Scan for BLE devices: Use BleakScanner to discover all advertising BLE devices within range. Capture device name, address (MAC), RSSI signal strength, and advertised service UUIDs.
Identify target devices: Filter discovered devices by name pattern, address, or minimum signal strength. Flag devices broadcasting default or well-known vulnerable names.
Connect and enumerate GATT services: Use BleakClient to connect to the target device and iterate over all GATT services. For each service, record the UUID, description, and contained characteristics.
Analyze characteristic properties: For each characteristic, examine its properties (read, write, write-without-response, notify, indicate). Flag characteristics that expose read or write access without requiring authentication or encryption.
Check for known vulnerable UUIDs: Compare discovered service and characteristic UUIDs against a database of known vulnerable or sensitive services (Heart Rate, Blood Pressure, Device Information, Battery Level) that should require encryption.
Detect unencrypted data exposure: Attempt to read characteristics that should be protected. Successful unauthenticated reads of sensitive data indicate missing security controls.
Generate security report: Compile all findings into a structured JSON report with severity classifications and remediation recommendations.
{
"assessment_type": "ble_security_audit",
"target_device": {
"name": "SmartBand-XR",
"address": "AA:BB:CC:DD:EE:FF",
"rssi": -42
},
"services_found": 5,
"characteristics_found": 18,
"findings": [
{
"severity": "high",
"finding": "Heart Rate Measurement readable without encryption",
"uuid": "00002a37-0000-1000-8000-00805f9b34fb",
"properties": ["read", "notify"],
"remediation": "Enable encryption requirement on characteristic"
}
],
"risk_score": 7.5
}