{"id":13907914,"url":"https://github.com/n0mi1k/pmkidcracker","last_synced_at":"2025-07-18T06:31:44.474Z","repository":{"id":154066361,"uuid":"629117603","full_name":"n0mi1k/pmkidcracker","owner":"n0mi1k","description":"A tool to crack WPA2 passphrase with PMKID value without clients or de-authentication ","archived":false,"fork":false,"pushed_at":"2023-06-10T17:18:03.000Z","size":11,"stargazers_count":183,"open_issues_count":0,"forks_count":25,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-25T16:39:28.241Z","etag":null,"topics":["pentesting-tools","pmkid","pmkid-attack","redteam-tools","wifi-hacking","wifi-password","wifi-security","wpa2-cracker","wpa2-cracking"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/n0mi1k.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-17T16:51:00.000Z","updated_at":"2024-11-23T03:16:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"6240ebe3-da53-4b27-af2b-189cf271939c","html_url":"https://github.com/n0mi1k/pmkidcracker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/n0mi1k/pmkidcracker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fpmkidcracker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fpmkidcracker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fpmkidcracker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fpmkidcracker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/n0mi1k","download_url":"https://codeload.github.com/n0mi1k/pmkidcracker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fpmkidcracker/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265710565,"owners_count":23815379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pentesting-tools","pmkid","pmkid-attack","redteam-tools","wifi-hacking","wifi-password","wifi-security","wpa2-cracker","wpa2-cracking"],"created_at":"2024-08-06T23:02:17.965Z","updated_at":"2025-07-18T06:31:44.466Z","avatar_url":"https://github.com/n0mi1k.png","language":"Python","funding_links":[],"categories":["HarmonyOS"],"sub_categories":["Windows Manager"],"readme":"\n# PMKID WPA2 Cracker\n\nThis program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network. It targets the weakness of certain access points advertising the PMKID value in EAPOL message 1.\n\n## Program Usage\n```\npython pmkidcracker.py -s \u003cSSID\u003e -ap \u003cAPMAC\u003e -c \u003cCLIENTMAC\u003e -p \u003cPMKID\u003e -w \u003cWORDLIST\u003e -t \u003cTHREADS(Optional)\u003e\n```\n\u003cimg width=\"549\" alt=\"help\" src=\"https://github.com/n0mi1k/pmkidcracker/assets/28621928/2ebf5b8b-fccb-4465-86a4-1bb117117018\"\u003e\n\n**NOTE:** *apmac, clientmac, pmkid must be a hexstring, e.g b8621f50edd9*\n\n## How PMKID is Calculated\nThe two main formulas to obtain a PMKID are as follows: \n1. **Pairwise Master Key (PMK) Calculation:** passphrase + salt(ssid) =\u003e PBKDF2(HMAC-SHA1) of 4096 iterations\n2. **PMKID Calculation:** HMAC-SHA1[pmk + (\"PMK Name\" + bssid + clientmac)]\n\nThis is just for understanding, both are already implemented in `find_pw_chunk` and `calculate_pmkid`.\n\n## Obtaining the PMKID\n\nBelow are the steps to obtain the PMKID manually by inspecting the packets in WireShark. \n\n*\\***You may use Hcxtools or Bettercap to quickly obtain the PMKID without the below steps. The manual way is for understanding.*** \n\nTo obtain the PMKID manually from wireshark, put your wireless antenna in monitor mode, start capturing all packets with airodump-ng or similar tools. Then connect to the AP **using an invalid password** to capture the EAPOL 1 handshake message. Follow the next 3 steps to obtain the fields needed for the arguments.\n\n**Open the pcap in WireShark:**\n\n- Filter with `wlan_rsna_eapol.keydes.msgnr == 1` in WireShark to display only EAPOL message 1 packets.\n- In EAPOL 1 pkt, Expand IEEE 802.11 QoS Data Field to obtain AP MAC, Client MAC\n- In EAPOL 1 pkt, Expand 802.1 Authentication \u003e WPA Key Data \u003e Tag: Vendor Specific \u003e PMKID is below\n\n**If access point is vulnerable, you should see the PMKID value like the below screenshot:**\n\n\u003cimg width=\"469\" alt=\"pmkid\" src=\"https://user-images.githubusercontent.com/28621928/232556774-2ecf784c-4d13-4cd6-9f15-ae8ff095823e.png\"\u003e\n\n## Demo Run\n\n\u003cimg width=\"431\" alt=\"cracked\" src=\"https://user-images.githubusercontent.com/28621928/232557213-5f5746e7-6cdb-4346-a0c7-31e66c34a7d1.png\"\u003e\n\n## Disclaimer\nThis tool is for educational and testing purposes only. Do not use it to exploit the vulnerability on any network that you do not own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn0mi1k%2Fpmkidcracker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fn0mi1k%2Fpmkidcracker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn0mi1k%2Fpmkidcracker/lists"}