diff --git a/CHANGELOG.md b/CHANGELOG.md index a0391fdf2..085778f36 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Change `script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type` - The hf_bruteforce card script now requires Mifare type (mfc or mfu) (@dunderhay) + - Updated `hf_bruteforce.lua` script - added support for brute forcing Mifare Ultralight EV1 cards (@dunderhay) - Added `hf mf personlize` - personalize the UID of a Mifare Classic EV1 card (@pwpiwi) - Change - hint texts added to all lf clone commands (@iceman1001) - Change `lf keri demod` - adjusted the internal id. (@mwalker33) @@ -36,7 +38,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `commands.md` - document with all proxmark client commands. Generated with XX_internal_command_dump_markdown_XX. (@iceman1001) - Change `lf pac clone` - new option `c ` to allow cloning PAC/Stanley tag from card ID (@danshuk) - Change `lf pac read` - decoded PAC/Stanley card ID (@danshuk) - - Change mifare classic keytable output refactored and uses colors (@iceman1001) + - Change mifare classic keytable output refactored and uses colors (@iceman1001) - Fix `hf mf nested` - now writes the correct blockno (@iceman1001) - Change `lf t55xx dump` - now supports saving to JSON (@iceman1001) - Change `hf mf chk | fchk` faster authentication by lower timeout limit. (@pwpiwi) 
@@ -606,8 +608,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Updated the Reveng 1.31 sourcecode to 1.40 from Reveng project homepage (@iceman1001) - Added possibility to write direct to a Legic Prime Tag (MIM256/1024) without using values from the `BigBuffer` -> `hf legic writeRaw ` (@icsom) - Added possibility to decrease DCF values at address 0x05 & 0x06 on a Legic Prime Tag - DCF-value will be pulled from the BigBuffer (address 0x05 & 0x06) so you have to - load the data into the BigBuffer before with `hf legic load ` & then + DCF-value will be pulled from the BigBuffer (address 0x05 & 0x06) so you have to + load the data into the BigBuffer before with `hf legic load ` & then write the DCF-Values (both at once) with `hf legic write 0x05 0x02` (@icsom) - Added script `legic.lua` for display and edit Data of Legic-Prime Tags (@icsom) - Added the experimental HITAG_S support (@spenneb) diff --git a/client/luascripts/hf_bruteforce.lua b/client/luascripts/hf_bruteforce.lua index a3a6636b8..ff8ba6764 100644 --- a/client/luascripts/hf_bruteforce.lua +++ b/client/luascripts/hf_bruteforce.lua 
@@ -1,27 +1,34 @@ --- Run me like this: proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua +-- Run me like this (connected via USB): ./pm3 -l hf_bruteforce.lua +-- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua local getopt = require('getopt') copyright = '' -author = 'Keld Norman' -version = 'v1.0.0' -desc = [[ - -]] -example = [[ - -- (the above example would bruteforce card number, starting at 1, ending at 10, and waiting 1 second between each card) - - script run hf_bruteforce -s 1 -e 10 -t 1000 -]] +author = 'Daniel Underhay (updated), Keld Norman(original)' +version = 'v2.0.0' usage = [[ -script run hf_bruteforce -s start_id -e end_id -t timeout -d direction +pm3 --> script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type Arguments: -h this help -s 0-0xFFFFFFFF start id -e 0-0xFFFFFFFF end id - -t 0-99999, pause timeout (ms) between cards (use the word 'pause' to wait for user input) + -t 0-99999, pause timeout (ms) between cards (use the word 'pause' to wait for user input) + -x mfc, mfu mifare type: mfc for Mifare Classic (default) or mfu for Mifare Ultralight EV1 + + +Example: + +pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc + +Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346. + + +pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu + +Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679. + ]] 
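Review bot: The `-s` and `-e` lines in the usage text still give the range as `0-0xFFFFFFFF`, while the new `-x mfu` example passes 7-byte ids such as `0x11223344556677`, so the help contradicts its own example. I would change them to `-s 0-0xFFFFFFFFFFFFFF start id (4 bytes for mfc, 7 bytes for mfu)` and likewise for `-e`. The usage also calls `mfc` the default, whereas the changelog entry in this same commit says the type is now required; one of the two should be reworded so they agree.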
@@ -60,41 +67,49 @@ local function help() print(usage) end --- --- Exit message -local function exitMsg(msg) +--- Print user message +local function msg(msg) print( string.rep('--',20) ) + print('') print(msg) + print('') print( string.rep('--',20) ) - print() end --- -- Start local function main(args) - print( string.rep('--',20) ) - print( string.rep('--',20) ) - print() local timeout = 0 local start_id = 0 - local end_id = 0xFFFFFFFF + local end_id = 0xFFFFFFFFFFFFFF + local mftype = 'mfc' - for o, a in getopt.getopt(args, 'e:s:t:h') do + for o, a in getopt.getopt(args, 'e:s:t:x:h') do if o == 's' then start_id = a end if o == 'e' then end_id = a end if o == 't' then timeout = a end + if o == 'x' then mftype = a end if o == 'h' then return print(usage) end end -- template - local command = 'hf 14a sim t 1 u %08X' + local command = '' - print(' Bruteforcing MFC card numbers from 00000000 to FFFFFFFF using delay: '..timeout) - print('') - print( string.rep('--',20) ) + if mftype == 'mfc' then + command = 'hf 14a sim t 1 u %14X' + msg('Bruteforcing Mifare Classic card numbers') + elseif mftype == 'mfu' then + command = 'hf 14a sim t 2 u %14X' + msg('Bruteforcing Mifare Ultralight card numbers') + else + return print(usage) + end + + if command == '' then return print(usage) end for n = start_id, end_id do local c = string.format( command, n ) - print(' Running: "'..c..'"') + print('Running: "'..c..'"') core.console(c) core.console('msleep '..timeout); core.console('hw ping') @@ -102,4 +117,3 @@ local function main(args) end main(args) - diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index b5ccd39b8..a3e0a220c 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md 
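Review bot: Both new command templates use `%14X`, which pads with spaces rather than zeros, so any id shorter than 14 hex digits is formatted with leading blanks and a 4-byte Classic id no longer comes out as the fixed 8-digit value the old `%08X` produced. Use `command = 'hf 14a sim t 1 u %08X'` for mfc and `command = 'hf 14a sim t 2 u %014X'` for mfu. The `if command == '' then return print(usage) end` guard is unreachable because the `else` branch already returns. `start_id`, `end_id` and `timeout` are still taken from getopt as strings and spliced into console commands unchecked; converting them with `tonumber` and rejecting nil, or an id wider than the selected type, would make bad input fail cleanly instead of reaching `core.console`. The loop body continues past the end of this hunk.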
@@ -290,6 +290,16 @@ pm3 --> hf mfu eload u hf-mfu-XXXX-dump.eml pm3 --> hf mfu sim t 7 u hf-mfu-XXXX-dump.eml ``` +Bruteforce Mifare Classic card numbers from 11223344 to 11223346 +``` +pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc +``` + +Bruteforce Mifare Ultralight EV1 card numbers from 11223344556677 to 11223344556679 +``` +pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu +``` + ## Wiegand manipulation ^[Top](#top)