https://github.com/aircrack-ng/aircrack-ng

WiFi security auditing tools suite
https://github.com/aircrack-ng/aircrack-ng

audit freeradius hostapd security suite wifi wifi-security

Last synced: 29 days ago
JSON representation

WiFi security auditing tools suite

• Host: GitHub
• URL: https://github.com/aircrack-ng/aircrack-ng
• Owner: aircrack-ng
• License: gpl-2.0
• Created: 2018-03-10T17:11:11.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2024-08-29T19:42:05.000Z (3 months ago)
• Last Synced: 2024-10-02T01:40:21.444Z (about 1 month ago)
• Topics: audit, freeradius, hostapd, security, suite, wifi, wifi-security
• Language: C
• Homepage: https://aircrack-ng.org
• Size: 16.4 MB
• Stars: 5,300
• Watchers: 227
• Forks: 934
• Open Issues: 420
• Metadata Files:
  • Readme: README
  • Changelog: ChangeLog
  • License: LICENSE
  • Security: SECURITY.md
  • Authors: AUTHORS

Awesome Lists containing this project

README

        
Documentation, tutorials, ... can be found on https://www.aircrack-ng.org

See also manpages and the forum (GitHub Discussions).

Installing

==========

This version has more dependencies/libraries required than previous versions to be compiled. 

See INSTALLING file for more information

OpenWrt Devices

===============

You can use airodump-ng on OpenWrt devices. You'll have to specify

prism0 as interface. Airodump-ng will automatically create it.

Rq: Aireplay DOESN'T work on OpenWrt (2.4 kernel) with broadcom chipset since the driver doesn't support injection. It *may* work with 2.6 kernels >= 2.6.24 (kamikaze 8.09+ custom-built).

Known bugs:

===========

Drivers

-------

	Madwifi-ng

	----------

	

	The cause of most of these problems (1, 2 and 3) is that Madwifi-ng cannot easily change the rate in monitor mode.

	Technically, when changing rate while in monitor mode, the raw socket gets invalidated and we have to get it again.

	Madwifi-ng is getting replaced by several drivers: ath5k, ath9k and ar9170.

	

	

	Problem 1: No client can associate to an airbase soft AP.

	Solution: Use a more recent driver. Madwifi-ng has been deprecated for years.

	

	

	Problem 2: When changing rate while you are capturing packet, airodump-ng stalls

	Solution 2: Restart airodump-ng or change rate before starting it.

	

	Problem 3: After some time it stops capturing packets and you're really sure no network managers are running at all.

	Solution 3: That's a known bug in the driver, it may happen at any time (the time before it fails can vary a lot: 

	            from 5 minutes to 50 or even more). Try (as root) unloading completely the driver with 'madwifi-unload'

	            and then run 'modprobe ath_pci autocreate=monitor'.

		  

	

	Problem 4: When creating a new VAP airodump-ng takes up to 10-15 seconds to see the first packet

	Solution 4: It's the behavior of madwifi-ng, don't worry (... be happy ;)).

	Orinoco

	-------

	Problem: BSSID is not reported correctly or is 00:00:00:00:00:00 or signal is not reported correctly.

	Solution: None. Consider replacing your card, orinoco is really really old.

Aircrack-ng

-----------

	Aireplay-ng

	-----------

	Problem: Fakeauth on a WRT54G with WEP (shared authentication) doesn't work.

	Solution: None at this time (we'll try to fix it in an upcoming release).

	Airolib-ng

	----------

	Problem: On windows only, opening/creating a database doesn't work when airolib-ng is in directories containing

	         special characters like 'ç', 'é', 'è', 'à', ... (directories containing spaces are not affected).

	Reason: It's an SQLite issue.

	Solution: Rename the directory or move the database into another directory.

	Airodump-ng

	-----------

	Problem: Airodump-ng stops working after some time.

	Solution 1: You may have a network manager running that puts back the card in managed mode. 

	            You'll have to disable it (the fastest solution is killing the process) then restart airodump-ng.

	Solution 2: See Problem 3 of Madwifi-ng.

	

	Problem: On windows, it doesn't display a list of adapters like the old 0.X

	Solution: It requires you to develop your own DLL.

	Problem: Handshake is not captured/detected

	Reason: You might be too far and your signal is bad (or too close with a signal too strong).

	        Another possibility is that Airodump-ng didn't detect the handshake properly due to

	        being far apart in the capture.

	Solution 1: Check out our tutorial 'WPA Packet Capture Explained' in the wiki.

	Solution 2: Try running Aircrack-ng on your capture, it might detect the capture.

	Solution 3: Check out our wpaclean tool.

	Note: It will be fixed in an upcoming release.

	Cygwin

	------

	Problem: /usr/include/sys/reent.h:14:20: fatal error: stddef.h: No such file or directory

	Solution: It happens because the gcc and g++ version are different. Make sure they are the same.

	

Sample files

============

wep.open.system.authentication.cap:

    It shows a connection (authentication then association) to a WEP network (open authentication).

wep.shared.key.authentication.cap:

    It shows a connection (authentication then association to a WEP network (shared authentication).

    The difference with open authentication is that the client has to encrypt a challenge text

    and send it back (encrypted) to the AP to prove it has the right key.

wpa.cap:

    This is a sample file with a WPA handshake. It is located in the test/ directory of the install files. 

    The passphrase is 'biscotte'. Use the password file (password.lst) which is in the same directory.

wpa2.eapol.cap: 

    This is a sample file with a WPA2 handshake. 

    It is located in the test/ directory of the install files. 

    The passphrase is '12345678'. Use the password file (password.lst) which is in the same directory.

test.ivs (http://download.aircrack-ng.org/wiki-files/other/test.ivs): 

    This is a 128 bit WEP key file.

    The key is AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7.

wep_64_ptw.cap (http://dl.aircrack-ng.org/ptw.cap): 

    This is a 64 bit WEP key file suitable for the PTW method.

    The key is '1F:1F:1F:1F:1F'.

wpa-psk-linksys.cap:

    This is a sample file with a WPA1 handshake along with some encrypted packets.

    Useful for testing with airdecap-ng. The password is 'dictionary'.

wpa2-psk-linksys.cap:

    This is a sample file with a WPA2 handshake along with some encrypted packets.

    Useful for testing with airdecap-ng. The password is 'dictionary'.

wps2.0.pcap:

    This is a test file with WPS 2.0 beacon.

password.lst and password-2.lst:

    This is a sample wordlist for WPA key cracking. More wordlists can be found at

    https://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists

password.db

    This is a sample airolib-ng database for WPA key cracking.

pingreply.c

    Replies to all ping requests. Useful for testing sniffing/injecting packets with airtun-ng.

Chinese-SSID-Name.pcap

    Contains a beacon with an SSID displayed in Chinese.

verify_inject.py

    Testing DNS requests using airtun-ng.

n-02.cap:

    This is a test file with 802.11X-2004 AES-128-CMAC handshake.

    Useful for testing with aircrack-ng. The password is 'bo$$password'.

test-pmkid.pcap:

    This is a test file with PMKID. Passphrase for 'WLAN-771698' is 'SP-91862D361'

test1.pcap:

    This is another test file with PMKID. Passphrase for the network

    'ogogo' is '15211521'

StayAlfred.hccapx:

    Hashcat HCCAPx file with WPA handshake.

    Passphrase for 'StayAlfred' ESSID is 'staytogether'

wpa3-psk.pcap:

    WPA3 PSK SAE authentication. Passphrase for the network 

    'WPA3-Network' is 'abcdefgh'

3.pcap

	Allows to reproduce issue #672 (Fixed by commit 312bb64)

floating_point_exception.pcap

	Allows to reproduce issue #672 and triggers a SIGFPE (Fixed by commit 312bb64)

80211ad_beacon.pcap

	DMG Beacon (802.11ad)

More sample pcap are available from Wireshark: 

    https://wiki.wireshark.org/SampleCaptures#Wifi_.2F_Wireless_LAN_captures_.2F_802.11