How to Capture and Read Network Traffic Using Airodump-ng
-
aircrack-ng
version: 1.half-dozen curvation: any all Packages & Binaries
- aircrack-ng
- airbase-ng
- aircrack-ng
- airdecap-ng
- airdecloak-ng
- aireplay-ng
- airmon-ng
- airodump-ng
- airodump-ng-oui-update
- airolib-ng
- airserv-ng
- airtun-ng
- airventriloquist-ng
- besside-ng
- besside-ng-crawler
- buddy-ng
- dcrack
- easside-ng
- ivstools
- kstats
- makeivs-ng
- packetforge-ng
- tkiptun-ng
- wesside-ng
- wpaclean
- airgraph-ng
- airgraph-ng
- airodump-join
LIGHT Nighttime
aircrack-ng Usage Examples
WPA Wordlist Mode
Specify the wordlist to utilise (-due west countersign.lst) and the path to the capture file (wpa.cap) containing at least i iv-way handshake.
[email protected]:~# aircrack-ng -w password.lst wpa.cap Aircrack-ng 1.5.ii [00:00:00] 232/233 keys tested (1992.58 k/south) Fourth dimension left: 0 seconds 99.57% Fundamental FOUND! [ biscotte ] Master Key : CD D7 9A 5A CF B0 lxx C7 E9 D1 02 3B 87 02 85 D6 39 E4 30 B3 2F 31 AA 37 Ac 82 5A 55 B5 55 24 EE Transient Key : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49 73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08 Ad FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97 D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD EAPOL HMAC : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45 Basic WEP Cracking
To accept aircrack-ng behave a WEP key attack on a capture file, pass information technology the filename, either in .ivs or .cap/.pcap format:
[email protected]:~# aircrack-ng all-ivs.ivs Aircrack-ng 1.four [00:00:00] Tested 1514 keys (got 30566 IVs) KB depth byte(vote) 0 0/ nine 1F(39680) 4E(38400) 14(37376) 5C(37376) 9D(37376) one vii/ 9 64(36608) 3E(36352) 34(36096) 46(36096) BA(36096) 2 0/ ane 1F(46592) 6E(38400) 81(37376) 79(36864) Advertising(36864) 3 0/ three 1F(40960) fifteen(38656) 7B(38400) BB(37888) 5C(37632) 4 0/ 7 1F(39168) 23(38144) 97(37120) 59(36608) xiii(36352) Central Establish! [ 1F:1F:1F:1F:1F ] Decrypted correctly: 100% airgraph-ng Usage Examples
CAPR graph
Specify the input file to use (-i dump-01.csv), the output file to generate (-o capr.png) and the graph blazon (-chiliad CAPR):
[electronic mail protected]:~# airgraph-ng -i dump-01.csv -o capr.png -thousand CAPR **** Warning Images tin be large, upward to 12 Feet by 12 Feet**** Creating your Graph using, dump-01.csv and writing to, capr.png Depending on your system this tin accept a bit. Delight standby...... CPG graph
Specify the input file to use (-i dump-01.csv), the output file to generate (-o cpg.png) and the graph blazon (-thou CAG):
[electronic mail protected]:~# airgraph-ng -i dump-01.csv -o cpg.png -thou CPG **** Warning Images can be large, up to 12 Feet by 12 Feet**** Creating your Graph using, dump-01.csv and writing to, cpg.png Depending on your system this can take a bit. Please standby...... wpaclean Usage Example
Parse the provided capture files (wpa-psk-linksys.cap wpa.cap) and save any 4-mode handshakes to a new file (/root/handshakes.cap):
[electronic mail protected]:/usr/share/doc/aircrack-ng/examples# wpaclean /root/handshakes.cap wpa-psk-linksys.cap wpa.cap Pwning wpa-psk-linksys.cap (i/ii 50%) Internet 00:0b:86:c2:a4:85 linksys Pwning wpa.cap (2/2 100%) Net 00:0d:93:eb:b0:8c test Done wesside-ng Usage Instance
Employ the specified monitor way interface (-i wlan0mon) and target a single BSSID (-five de:advertizing:exist:ef:ca:iron):
[email protected]:~# wesside-ng -i wlan0mon -v de:advertizing:be:ef:ca:fe [18:31:52] Using mac 3C:46:D8:4E:EF:AA [18:31:52] Looking for a victim... [18:32:13] Chan 04 - makeivs-ng Usage Example
Specify a BSSID (-b de:ad:be:ef:ca:fe), WEP key (-thou 123456789ABCDEF123456789AB), and output filename (-w makeivs.ivs):
[e-mail protected]:~# makeivs-ng -b de:ad:exist:ef:ca:iron -grand 123456789ABCDEF123456789AB -w makeivs.ivs Creating 100000 IVs with sixteen bytes of keystream each. Estimated filesize: 2.29 MB Using fake BSSID DE:Advert:BE:EF:CA:FE Done. [email protected]:~# aircrack-ng makeivs.ivs Opening makeivs.ivs Read 100001 packets. # BSSID ESSID Encryption i DE:AD:Be:EF:CA:Iron WEP (100000 IVs) Choosing first network as target. Opening makeivs.ivs Attack will be restarted every 5000 captured ivs. Starting PTW set on with 100000 ivs. Aircrack-ng one.ii rc4 [00:00:00] Tested 621 keys (got 100000 IVs) KB depth byte(vote) 0 1/ ii 76(113152) 1E(111104) 48(109824) 1C(109568) A6(109568) one 1/ three F5(112640) 06(111616) 33(111616) F4(111616) 05(111104) two 0/ 2 31(137216) F9(113664) 76(113152) DC(110336) B9(109568) 3 10/ three E1(108800) 0A(108544) 34(108032) 3E(108032) 48(108032) four 9/ 4 7D(109312) BA(109056) 5E(108800) D6(108800) 11(108288) Fundamental Institute! [ 12:34:56:78:9A:BC:DE:F1:23:45:67:89:AB ] Decrypted correctly: 100% Strip out the initialization vectors of the provided .pcap capture and save them to a new file:
[email protected]:~# ivstools --convert wep_64_ptw.cap out.ivs Opening wep_64_ptw.cap Creating out.ivs Read 65282 packets. Written 30566 IVs. Merge all .ivs files into i file. [electronic mail protected]:~# ivstools --merge *.ivs /root/all-ivs.ivs Creating /root/all-ivs.ivs Opening out.ivs 916996 bytes written Opening out2.ivs 1374748 bytes written easside-ng Usage Example
Showtime, run buddy-ng, and then launch the Easside-ng assault, specifying as many of the options equally you can.
[electronic mail protected]:~# buddy-ng Waiting for connexion [email protected]:~# easside-ng -5 de:ad:be:ef:ca:fe -m 3c:46:d8:4e:ef:aa -s 127.0.0.1 -f wlan0mon -c vi Setting tap MTU Sorting out wifi MAC besside-ng
Attack WPA only (-West), display verbose output (-five) and use monitor mode interface wlan0mon.
[email protected]:~# besside-ng -W -v wlan0mon [18:39:34] mac 3c:46:d8:4e:ef:aa [eighteen:39:34] Let's ride [18:39:34] Appending to wpa.cap [18:39:34] Appending to wep.cap [eighteen:39:34] Logging to besside.log [18:39:35] Found AP 44:3a:cb:38:51:42 [watwutwot] chan one crypto WPA dbm -49 [18:39:35] Constitute AP 4c:8b:30:83:ed:91 [TELUS3079-2.4G] chan 1 crypto WPA dbm -71 [eighteen:39:35] Found AP 1c:87:2c:d3:34:eighteen [Kuroki] chan 3 crypto WPA dbm -89 [18:39:37] Plant AP 4c:8b:30:24:71:75 [SAMUEL9] chan 8 crypto WPA dbm -73 [eighteen:39:37] Found AP 0c:51:01:e6:01:c4 [fbi-van-24] chan 11 crypto WPA dbm -46 [18:39:37] Found AP 70:f1:96:8e:5c:02 [TELUS0455-2.4G] chan 11 crypto WPA dbm -78 [18:39:38] Found customer for network [Kuroki] ninety:06:28:cb:0f:f3 [18:39:41] Found AP f0:f2:49:3c:ec:a8 [fbi-van-24] chan one crypto WPA dbm -49 [18:39:42] Plant AP bc:4d:fb:2c:6d:88 [SHAW-2C6D80] chan 6 crypto WPA dbm -77 [xviii:39:42] Found customer for network [SHAW-2C6D80] 64:5a:04:98:e1:62 [18:39:43] Found AP ten:78:5b:e9:a4:e2 [TELUS2151] chan 11 crypto WPA dbm -49 [18:39:43] Found client for network [fbi-van-24] 60:6b:bd:5a:b6:6c airtun-ng Usage Examples
wIDS
Specify the BSSID of the access point you wish to monitor (-a DE:Advertising:Exist:EF:CA:Fe) and its WEP cardinal (-due west 1234567890).
[email protected]:~# airtun-ng -a DE:AD:BE:EF:CA:FE -westward 1234567890 wlan0mon created tap interface at0 WEP encryption specified. Sending and receiving frames through wlan0mon. FromDS scrap set in all frames. airserv-ng Usage Example
Offset a server instance on a specific port (-p 4444) using the wlan0mon interface on aqueduct 6 (-c 6).
[electronic mail protected]:~# airserv-ng -p 4444 -d wlan0mon -c half-dozen Opening card wlan0mon Setting chan vi Opening sock port 4444 Serving wlan0mon chan 6 on port 4444 airolib-ng Usage Examples
Specify the proper name of the database to use (airolib-db) and import a file containing the ESSIDs of the network(s) you are targeting (–import essid /root/essid.txt). If the database does non exist, it will be created.
[email protected]:~# airolib-ng airolib-db --import essid /root/essid.txt Database <airolib-db> does non already exist, creating it... Database <airolib-db> successfully created Reading file... Writing... Washed. Import any wordlists you lot wish to use for PMK ciphering.
[email protected]:~# airolib-ng airolib-db --import passwd /usr/share/doctor/aircrack-ng/examples/password.lst Reading file... Writing... read, 1814 invalid lines ignored. Done Use the –batch to compute all PMKs.
[email protected]:~# airolib-ng airolib-db --batch Computed 233 PMK in 0 seconds (233 PMK/due south, 0 in buffer). All ESSID processed. To use the airolib-ng database with aircrack-ng, use the -r selection and specify the database name.
[e-mail protected]:~# aircrack-ng -r airolib-db /root/wpa.cap Opening /root/wpa.cap Read thirteen packets. # BSSID ESSID Encryption ane 00:0D:93:EB:B0:8C test WPA (ane handshake) Choosing start network as target. Opening /root/wpa.cap Reading packets, delight wait... Aircrack-ng 1.iv [00:00:00] 230/0 keys tested (106728.53 k/southward) Time left: 0 seconds inf% KEY FOUND! [ biscotte ] Master Primal : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6 39 E4 30 B3 2F 31 AA 37 Ac 82 5A 55 B5 55 24 EE Transient Central : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49 73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08 Advertisement FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97 D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD EAPOL HMAC : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45 Quitting aircrack-ng... airodump-ng Usage Examples
Monitor all wireless networks, frequency hopping between all wireless channels.
[email protected]:~# airodump-ng wlan0mon CH 8 ][ Elapsed: 4 s ][ 2018-11-22 xiii:44 BSSID PWR Beacons #Information, #/due south CH MB ENC Zippo AUTH ESSID 54:A0:50:DA:7B:98 -76 1 0 0 1 54e WPA2 CCMP PSK RTINC-24 FC:15:B4:CF:0A:55 -70 ii 0 0 vi 54e. WPA2 CCMP PSK HP-Print-55-Envy 4500 series A8:4E:3F:73:DD:88 -67 iii 0 0 half dozen 720 WPA2 CCMP PSK WAT-73DD80 4C:8B:thirty:83:ED:91 -71 2 0 0 1 54e WPA2 CCMP PSK TELL-US-2.4G 4C:8B:thirty:D7:09:41 -76 2 0 0 1 54e WPA2 CCMP PSK SAMUELL-2.4G FA:8F:CA:89:xc:39 -82 2 0 0 i 135 OPN Raymond's Television.e102 AC:20:2E:CD:F4:88 -85 0 0 0 6 54e. WPA2 CCMP PSK Bong-CDF480 x:78:5B:2A:A1:21 -lxxx 2 0 0 6 54e WPA2 CCMP PSK COGECO-2.4G BSSID STATION PWR Rate Lost Frames Probe (not associated) 8C:85:90:0C:C5:D0 -44 0 - 1 i 5 (not associated) A0:63:91:43:C2:D5 -70 0 - 1 0 1 TT-D59979 (non associated) 14:91:82:04:D9:74 -43 0 - 1 0 1 1 Sniff on aqueduct 6 (-c 6) via monitor style interface wlan0mon and save the capture to a file (-w /root/chan6).
[email protected]:~# airodump-ng -c 6 -westward /root/chan6 wlan0mon CH 6 ][ Elapsed: viii s ][ 2017-11-12 xiii:49 BSSID PWR RXQ Beacons #Data, #/southward CH MB ENC CIPHER AUTH ESSID BC:4D:FB:2C:6D:88 -68 28 nine 3 0 half-dozen 54e. WPA2 CCMP PSK Bell-CDF4800 A8:4E:3F:73:DD:88 -74 33 19 0 0 6 54e. WPA2 CCMP PSK COGECO-2.4G FC:15:B4:CF:0A:55 -77 61 31 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series Filter for admission points by a specific manufacturer, specifying the OUI and mask (-d FC:fifteen:B4:00:00:00 -grand FF:FF:FF:00:00:00).
[email protected]:~# airodump-ng -d FC:15:B4:00:00:00 -m FF:FF:FF:00:00:00 wlan0mon CH fourteen ][ Elapsed: 18 s ][ 2018-11-22 13:53 BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID FC:fifteen:B4:CF:0A:55 -76 9 0 0 vi 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series BSSID STATION PWR Charge per unit Lost Frames Probe airodump-ng-oui-update Usage Instance
airodump-ng-oui-update does non have whatsoever options. Run the command and await for it to complete.
[email protected]:~# airodump-ng-oui-update /usr/sbin/update-ieee-information Updating /var/lib/ieee-data//oui.txt Checking permissions on /var/lib/ieee-data//oui.txt Downloading https://standards.ieee.org/develop/regauth/oui/oui.txt to /var/lib/ieee-data//oui.txt Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui.txt /var/lib/ieee-information//oui.txt updated. Updating /var/lib/ieee-data//mam.txt Checking permissions on /var/lib/ieee-data//mam.txt Downloading https://standards.ieee.org/develop/regauth/oui28/mam.txt to /var/lib/ieee-information//mam.txt Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//mam.txt /var/lib/ieee-data//mam.txt updated. Updating /var/lib/ieee-data//oui36.txt Checking permissions on /var/lib/ieee-data//oui36.txt Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.txt to /var/lib/ieee-data//oui36.txt Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui36.txt /var/lib/ieee-data//oui36.txt updated. Updating /var/lib/ieee-information//iab.txt Checking permissions on /var/lib/ieee-data//iab.txt Downloading https://standards.ieee.org/develop/regauth/iab/iab.txt to /var/lib/ieee-data//iab.txt Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//iab.txt /var/lib/ieee-data//iab.txt updated. Updating /var/lib/ieee-information//oui.csv Checking permissions on /var/lib/ieee-information//oui.csv Downloading https://standards.ieee.org/develop/regauth/oui/oui.csv to /var/lib/ieee-data//oui.csv Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui.csv /var/lib/ieee-data//oui.csv updated. Updating /var/lib/ieee-data//mam.csv Checking permissions on /var/lib/ieee-data//mam.csv Downloading https://standards.ieee.org/develop/regauth/oui28/mam.csv to /var/lib/ieee-data//mam.csv Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//mam.csv /var/lib/ieee-data//mam.csv updated. Updating /var/lib/ieee-data//oui36.csv Checking permissions on /var/lib/ieee-data//oui36.csv Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.csv to /var/lib/ieee-data//oui36.csv Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui36.csv /var/lib/ieee-data//oui36.csv updated. Updating /var/lib/ieee-data//iab.csv Checking permissions on /var/lib/ieee-data//iab.csv Downloading https://standards.ieee.org/develop/regauth/iab/iab.csv to /var/lib/ieee-data//iab.csv Checking header Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//iab.csv /var/lib/ieee-data//iab.csv updated. Running parsers from /var/lib/ieee-data//update.d airmon-ng Usage Examples
Entering the airmon-ng command without parameters will show the interfaces status.
[email protected]:~# airmon-ng PHY Interface Driver Chipset phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n A number of processes can interfere with Airmon-ng. Using the check option volition brandish whatever processes that might be troublesome and the check kill option will kill them for you.
[email protected]:~# airmon-ng check Found iii processes that could crusade trouble. If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to run 'airmon-ng cheque kill' PID Name 465 NetworkManager 515 dhclient 1321 wpa_supplicant [email protected]:~# airmon-ng check kill Killing these processes: PID Proper noun 515 dhclient 1321 wpa_supplicant Enable monitor style (start) on the given wireless interface (wlan0), stock-still on aqueduct six. A new interface will be created (wlan0mon in our case), which is the interface name yous will need to employ in other applications.
[electronic mail protected]:~# airmon-ng get-go wlan0 six PHY Interface Driver Chipset phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) (mac80211 station mode vif disabled for [phy0]wlan0) The stop option will destroy the monitor fashion interface and place the wireless interface back into managed mode.
[electronic mail protected]:~# airmon-ng terminate wlan0mon PHY Interface Driver Chipset phy0 wlan0mon ath9k_htc Atheros Communications, Inc. AR9271 802.11n (mac80211 station fashion vif enabled on [phy0]wlan0) (mac80211 monitor way vif disabled for [phy0]wlan0mon) airgraph-ng Usage Examples
CAPR graph
Specify the input file to utilize (-i dump-01.csv), the output file to generate (-o capr.png) and the graph type (-k CAPR).
[electronic mail protected]:~# airgraph-ng -i dump-01.csv -o capr.png -g CAPR **** WARNING Images tin can exist big, upward to 12 Feet by 12 Feet**** Creating your Graph using, dump-01.csv and writing to, capr.png Depending on your system this tin accept a fleck. Delight standby...... CPG graph
Specify the input file to use (-i dump-01.csv), the output file to generate (-o cpg.png) and the graph type (-thou CAG).
[email protected]:~# airgraph-ng -i dump-01.csv -o cpg.png -chiliad CPG **** Warning Images tin can be large, up to 12 Feet past 12 Feet**** Creating your Graph using, dump-01.csv and writing to, cpg.png Depending on your system this tin take a scrap. Please standby...... aireplay-ng Usage Examples
Injection Test
Run the injection exam (-nine) via the monitor manner interface wlan0mon.
[email protected]:~# aireplay-ng -9 wlan0mon 22:55:44 Trying broadcast probe requests... 22:55:44 Injection is working! 22:55:46 Constitute 4 APs 22:55:46 Trying directed probe requests... 22:55:46 24:FB:95:FD:3D:7F - channel: vi - 'America' 22:55:52 30/30: 100% 22:55:52 34:6D:A0:CD:45:10 - channel: 6 - 'ATT2b8i4UD' 22:55:58 27/thirty: 90% 22:55:58 50:64:3D:2A:F7:A0 - channel: 6 - 'FBI surveillance van' 22:56:04 12/30: xl% 22:56:04 16:6E:EF:29:67:46 - channel: 6 - 'dd-wrt_vap' 22:56:x 1/thirty: 3% Deauthentication Assail
Run the deauthentication set on (-0), sending v packets to the wireless access point (-a 8C:7F:3B:7E:81:B6) to deauthenticate a wireless client (-c 00:08:22:B9:41:A1) via the monitor style interface wlan0mon.
[email protected]:~# aireplay-ng -0 5 -a 8C:7F:3B:7E:81:B6 -c 00:08:22:B9:41:A1 wlan0mon 12:41:56 Waiting for beacon frame (BSSID: 8C:7F:3B:7E:81:B6) on channel 6 12:41:57 Sending 64 directed DeAuth. STMAC: [00:08:22:B9:41:A1] [ 0| 0 ACKs] 12:41:58 Sending 64 directed DeAuth. STMAC: [00:08:22:B9:41:A1] [ 0| 0 ACKs] 12:41:58 Sending 64 directed DeAuth. STMAC: [00:08:22:B9:41:A1] [ 0| 0 ACKs] 12:41:59 Sending 64 directed DeAuth. STMAC: [00:08:22:B9:41:A1] [ 0| 0 ACKs] 12:42:00 Sending 64 directed DeAuth. STMAC: [00:08:22:B9:41:A1] [ 0| 0 ACKs] Fake Hallmark
Run the imitation authentication attack and re-authenticate every 6000 seconds (-1 6000) against the access point (-a F0:F2:49:82:DF:3B) with the given ESSID (-east FBI-Van-24), specifying our mac accost (-h 3c:46:d8:4e:ef:aa), using monitor way interface wlan0mon.
[e-mail protected]:~# aireplay-ng -1 6000 -due east FBI-Van-24 -a F0:F2:49:82:DF:3B -h 3c:46:d8:4e:ef:aa wlan0mon 12:49:59 Waiting for beacon frame (BSSID: F0:F2:49:82:DF:3B) on channel 6 12:50:06 Sending Authentication Asking (Open System) airbase-ng Usage Examples
Hirte Attack – Access Bespeak Mode
The Hirte attack attempts to retrieve a WEP key via a client. This case creates an admission point on channel six (-c half-dozen) with the specified ESSID (-eastward TotallyNotATrap) and uses the cfrag WEP attack (-N), setting the WEP flag in the beacons (-W i).
[email protected]:~# [email protected]:~# airbase-ng -c six -e TotallyNotATrap -Northward -W 1 wlan0mon 15:51:xi Created tap interface at0 15:51:11 Trying to set up MTU on at0 to 1500 15:51:11 Trying to fix MTU on wlan0mon to 1800 15:51:11 Access Bespeak with BSSID 3C:46:D8:4E:EF:AA started. Caffe Latte Assault – Admission Indicate Mode
As with the Hirte attack, the Caffe Latte Set on attempts to retrieve a WEP key via a customer. This instance creates an access bespeak on aqueduct 6 (-c 6) with the specified ESSID (-e AlsoNotATrap) and uses the Caffe Latte WEP attack (-50), setting the WEP flag in the beacons (-Westward 1).
[email protected]:~# airbase-ng -c vi -e AlsoNotATrap -L -W 1 wlan0mon xv:56:05 Created tap interface at0 15:56:05 Trying to ready MTU on at0 to 1500 xv:56:05 Access Point with BSSID 3C:46:D8:4E:EF:AA started. airdecap-ng
With a given ESSID (-e exam) and password (-p biscotte), decrypt the specified WPA capture (-r /usr/share/dr./aircrack-ng/examples/wpa.cap).
[email protected]:~# tcpdump -r wpa.cap reading from file wpa.cap, link-blazon PRISM_HEADER (802.11 plus Prism header) 03:01:06.609737 Beacon (examination) [ane.0* 2.0* v.v* 11.0* Mbit] ESS CH: 7, PRIVACY[|802.eleven] 03:01:06.678714 EAPOL key (iii) v1, len 95 03:01:06.678928 Acknowledgment RA:00:0d:93:eb:b0:8c (oui Unknown) 03:01:06.681525 EAPOL key (3) v1, len 119 03:01:06.681732 Acquittance RA:00:09:5b:91:53:5d (oui Unknown) 03:01:06.684370 EAPOL primal (3) v1, len 119 03:01:06.684584 Acknowledgment RA:00:0d:93:eb:b0:8c (oui Unknown) 03:01:06.685502 EAPOL key (3) v1, len 95 03:01:06.685708 Acquittance RA:00:09:5b:91:53:5d (oui Unknown) 03:01:06.686775 Data IV:12000 Pad twenty KeyID 0 03:01:06.686984 Acquittance RA:00:0d:93:eb:b0:8c (oui Unknown) 03:01:06.688139 Data IV:12000 Pad 20 KeyID 0 03:01:06.688344 Acknowledgment RA:00:09:5b:91:53:5d (oui Unknown) [email protected]:~# airdecap-ng -e test -p biscotte wpa.cap Full number of packets read 13 Full number of WEP information packets 0 Total number of WPA information packets 2 Number of plaintext data packets 0 Number of decrypted WEP packets 0 Number of corrupted WEP packets 0 Number of decrypted WPA packets 2 [email protected]:~# tcpdump -r wpa-december.cap reading from file wpa-december.cap, link-type EN10MB (Ethernet) 03:01:06.686775 EAPOL key (3) v1, len 127 03:01:06.688139 EAPOL cardinal (3) v1, len 95 Packages and Binaries:
aircrack-ng
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a 40-bit, 104-bit, 256-scrap or 512-fleck WEP primal once plenty encrypted packets have been gathered. Also it can attack WPA1/2 networks with some advanced methods or simply by brute force.
Information technology implements the standard FMS attack along with some optimizations, thus making the assail much faster compared to other WEP cracking tools. It can also fully employ a multiprocessor system to its full ability in order to speed up the cracking process.
aircrack-ng is a fork of aircrack, as that project has been stopped by the upstream maintainer.
Installed size: 2.36 MB
How to install: sudo apt install aircrack-ng
- ethtool
- hwloc
- iw
- libc6
- libgcc-s1
- libgcrypt20
- libhwloc15
- libnl-3-200
- libnl-genl-3-200
- libpcap0.8
- libpcre3
- libsqlite3-0
- libstdc++6
- python3
- rfkill
- usbutils
- wireless-tools
- zlib1g
airbase-ng
Multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself
[email protected]:~# airbase-ng --aid Airbase-ng ane.6 - (C) 2008-2020 Thomas d'Otreppe Original work: Martin Beck https://www.aircrack-ng.org usage: airbase-ng <options> <replay interface> Options: -a bssid : prepare Access Signal MAC address -i iface : capture packets from this interface -w WEP key : employ this WEP fundamental to en-/decrypt packets -h MAC : source mac for MITM fashion -f disallow : disallow specified client MACs (default: permit) -West 0|1 : [don't] set up WEP flag in beacons 0|1 (default: car) -q : serenity (practise not print statistics) -five : verbose (impress more letters) -A : Ad-Hoc Way (allows other clients to peer) -Y in|out|both : external package processing -c aqueduct : sets the channel the AP is running on -X : hidden ESSID -south : strength shared cardinal authentication (default: auto) -S : fix shared key claiming length (default: 128) -L : Caffe-Latte WEP attack (employ if driver can't send frags) -N : cfrag WEP attack (recommended) -x nbpps : number of packets per 2d (default: 100) -y : disables responses to broadcast probes -0 : set all WPA,WEP,open tags. can't be used with -z & -Z -z type : sets WPA1 tags. 1=WEP40 2=TKIP 3=WRAP 4=CCMP five=WEP104 -Z type : same as -z, but for WPA2 -V type : simulated EAPOL 1=MD5 2=SHA1 3=automobile -F prefix : write all sent and received frames into pcap file -P : respond to all probes, even when specifying ESSIDs -I interval : sets the beacon interval value in ms -C seconds : enables beaconing of probed ESSID values (requires -P) -due north hex : User specified ANonce when doing the 4-way handshake Filter options: --bssid MAC : BSSID to filter/use --bssids file : read a listing of BSSIDs out of that file --client MAC : MAC of client to filter --clients file : read a listing of MACs out of that file --essid ESSID : specify a single ESSID (default: default) --essids file : read a list of ESSIDs out of that file --help : Displays this usage screen aircrack-ng
A 802.11 WEP / WPA-PSK key cracker
[email protected]:~# aircrack-ng --help Aircrack-ng 1.6 - (C) 2006-2020 Thomas d'Otreppe https://www.aircrack-ng.org usage: aircrack-ng [options] <input file(s)> Common options: -a <amode> : forcefulness attack way (1/WEP, 2/WPA-PSK) -e <essid> : target option: network identifier -b <bssid> : target selection: admission point's MAC -p <nbcpu> : # of CPU to use (default: all CPUs) -q : enable quiet fashion (no status output) -C <macs> : merge the given APs to a virtual i -50 <file> : write central to file. Overwrites file. Static WEP cracking options: -c : search blastoff-numeric characters but -t : search binary coded decimal chr only -h : search the numeric key for Fritz!BOX -d <mask> : utilise masking of the cardinal (A1:Twenty:CF:YY) -thou <maddr> : MAC accost to filter usable packets -due north <nbits> : WEP key length : 64/128/152/256/512 -i <index> : WEP key index (1 to 4), default: any -f <fudge> : bruteforce fudge factor, default: two -k <korek> : disable one assail method (one to 17) -10 or -x0 : disable bruteforce for last keybytes -x1 : last keybyte bruteforcing (default) -x2 : enable last 2 keybytes bruteforcing -X : disable bruteforce multithreading -y : experimental single bruteforce manner -K : use only old KoreK attacks (pre-PTW) -s : show the key in ASCII while not bad -M <num> : specify maximum number of IVs to apply -D : WEP decloak, skips broken keystreams -P <num> : PTW debug: 1: disable Klein, 2: PTW -1 : run only ane try to fissure key with PTW -5 : run in visual inspection style WEP and WPA-PSK smashing options: -w <words> : path to wordlist(s) filename(south) -N <file> : path to new session filename -R <file> : path to existing session filename WPA-PSK options: -E <file> : create EWSA Projection file v3 -I <str> : PMKID string (hashcat -1000 16800) -j <file> : create Hashcat v3.6+ file (HCCAPX) -J <file> : create Hashcat file (HCCAP) -S : WPA cracking speed test -Z <sec> : WPA cracking speed examination length of execution. -r <DB> : path to airolib-ng database (Cannot be used with -w) SIMD option: --simd-list : Bear witness a list of the bachelor SIMD architectures, for this machine. --simd=<choice> : Utilize specific SIMD architecture. <selection> may be i of the following, depending on your platform: generic avx512 avx2 avx sse2 altivec power8 asimd neon Other options: -u : Displays # of CPUs & SIMD support --assist : Displays this usage screen airdecap-ng
Decrypt a WEP/WPA crypted pcap file
[email protected]:~# airdecap-ng --help Airdecap-ng 1.6 - (C) 2006-2020 Thomas d'Otreppe https://www.aircrack-ng.org usage: airdecap-ng [options] <pcap file> Mutual options: -50 : don't remove the 802.11 header -b <bssid> : access point MAC accost filter -e <essid> : target network SSID -o <fname> : output file for decrypted packets (default <src>-december) WEP specific option: -w <cardinal> : target network WEP key in hex -c <fname> : output file for corrupted WEP packets (default <src>-bad) WPA specific options: -p <pass> : target network WPA passphrase -one thousand <pmk> : WPA Pairwise Master Key in hex --assistance : Displays this usage screen If your capture contains any WDS package, you must specify the -b selection (otherwise merely packets destined to the AP will be decrypted) airdecloak-ng
Removes wep cloaked framed from a pcap file.
[email protected]:~# airdecloak-ng -h Airdecloak-ng ane.6 - (C) 2008-2020 Thomas d'Otreppe https://www.aircrack-ng.org usage: airdecloak-ng [options] options: Mandatory: -i <file> : Input capture file --ssid <ESSID> : ESSID of the network to filter or --bssid <BSSID> : BSSID of the network to filter Optional: -o <file> : Output packets (valid) file (default: <src>-filtered.pcap) -c <file> : Output packets (cloaked) file (default: <src>-cloaked.pcap) -u <file> : Output packets (unknown/ignored) file (default: invalid_status.pcap) --filters <filters> : Utilize filters (separated by a comma). Filters: signal: Effort to filter based on signal. duplicate_sn: Remove all indistinguishable sequence numbers for both the AP and the client. duplicate_sn_ap: Remove duplicate sequence number for the AP only. duplicate_sn_client: Remove indistinguishable sequence number for the client only. consecutive_sn: Filter based on the fact that IV should exist consecutive (just for AP). duplicate_iv: Remove all duplicate IV. signal_dup_consec_sn: Use betoken (if available), duplicate and sequent sequence number (filtering is much more precise than using all these filters one by one). --nil-packets : Assume that nada packets can exist cloaked. --disable-base_filter : Do not apply base filter. --drop-frag : Drop fragmented packets --assistance : Displays this usage screen aireplay-ng
Inject packets into a wireless network to generate traffic
[email protected]:~# aireplay-ng --help Aireplay-ng i.6 - (C) 2006-2020 Thomas d'Otreppe https://www.aircrack-ng.org usage: aireplay-ng <options> <replay interface> Filter options: -b bssid : MAC accost, Access Point -d dmac : MAC address, Destination -s smac : MAC address, Source -one thousand len : minimum bundle length -n len : maximum packet length -u type : frame command, blazon field -v subt : frame control, subtype field -t tods : frame control, To DS bit -f fromds : frame control, From DS bit -w iswep : frame control, WEP scrap -D : disable AP detection Replay options: -x nbpps : number of packets per second -p fctrl : gear up frame control word (hex) -a bssid : set Access Point MAC address -c dmac : set Destination MAC address -h smac : set Source MAC address -g value : alter ring buffer size (default: eight) -F : choose first matching parcel Fakeauth attack options: -east essid : prepare target AP SSID -o npckts : number of packets per burst (0=auto, default: 1) -q sec : seconds between keep-alives -Q : send reassociation requests -y prga : keystream for shared cardinal auth -T n : go out subsequently retry faux auth request n time Arp Replay assail options: -j : inject FromDS packets Fragmentation assault options: -thou IP : set up destination IP in fragments -l IP : fix source IP in fragments Test attack options: -B : activates the bitrate test Source options: -i iface : capture packets from this interface -r file : extract packets from this pcap file Miscellaneous options: -R : disable /dev/rtc usage --ignore-negative-one : if the interface's channel can't exist determined, ignore the mismatch, needed for unpatched cfg80211 --deauth-rc rc : Deauthentication reason code [0-254] (Default: 7) Attack modes (numbers can notwithstanding exist used): --deauth count : deauthenticate 1 or all stations (-0) --fakeauth delay : fake authentication with AP (-one) --interactive : interactive frame selection (-two) --arpreplay : standard ARP-asking replay (-3) --chopchop : decrypt/chopchop WEP packet (-4) --fragment : generates valid keystream (-5) --caffe-latte : query a client for new IVs (-6) --cfrag : fragments confronting a client (-7) --migmode : attacks WPA migration style (-viii) --test : tests injection and quality (-9) --aid : Displays this usage screen airmon-ng
POSIX sh script designed to turn wireless cards into monitor mode.
[email protected]:~# airmon-ng -h usage: airmon-ng <start|stop|check> <interface> [channel or frequency] airodump-ng
A wireless packet capture tool for aircrack-ng
[email protected]:~# airodump-ng --help Airodump-ng 1.six - (C) 2006-2020 Thomas d'Otreppe https://www.aircrack-ng.org usage: airodump-ng <options> <interface>[,<interface>,...] Options: --ivs : Save just captured IVs --gpsd : Use GPSd --write <prefix> : Dump file prefix -w : aforementioned as --write --beacons : Tape all beacons in dump file --update <secs> : Brandish update delay in seconds --showack : Prints ack/cts/rts statistics -h : Hides known stations for --showack -f <msecs> : Time in ms between hopping channels --berlin <secs> : Time before removing the AP/customer from the screen when no more packets are received (Default: 120 seconds) -r <file> : Read packets from that file -T : While reading packets from a file, simulate the arrival charge per unit of them as if they were "alive". -x <msecs> : Agile Scanning Simulation --manufacturer : Display manufacturer from IEEE OUI list --uptime : Brandish AP Uptime from Beacon Timestamp --wps : Display WPS information (if any) --output-format <formats> : Output format. Possible values: pcap, ivs, csv, gps, kismet, netxml, logcsv --ignore-negative-one : Removes the message that says fixed aqueduct <interface>: -i --write-interval <seconds> : Output file(south) write interval in seconds --background <enable> : Override background detection. -northward <int> : Minimum AP packets recv'd earlier for displaying it Filter options: --encrypt <suite> : Filter APs by zip suite --netmask <netmask> : Filter APs by mask --bssid <bssid> : Filter APs by BSSID --essid <essid> : Filter APs by ESSID --essid-regex <regex> : Filter APs by ESSID using a regular expression -a : Filter unassociated clients By default, airodump-ng hops on two.4GHz channels. You lot tin make it capture on other/specific channel(due south) by using: --ht20 : Set channel to HT20 (802.11n) --ht40- : Set channel to HT40- (802.11n) --ht40+ : Gear up channel to HT40+ (802.11n) --channel <channels> : Capture on specific channels --band <abg> : Band on which airodump-ng should hop -C <frequencies> : Uses these frequencies in MHz to hop --cswitch <method> : Fix channel switching method 0 : FIFO (default) 1 : Round Robin ii : Hop on final -s : same as --cswitch --help : Displays this usage screen airodump-ng-oui-update
IEEE oui list updater for airodump-ng
airolib-ng
Manage and create a WPA/WPA2 pre-computed hashes tables
[electronic mail protected]:~# airolib-ng -h Airolib-ng one.6 - (C) 2007, 2008, 2009 ebfe https://www.aircrack-ng.org Usage: airolib-ng <database> <operation> [options] Operations: --stats : Output information well-nigh the database. --sql <sql> : Execute specified SQL argument. --clean [all] : Clean the database from old junk. 'all' will also reduce filesize if possible and run an integrity bank check. --batch : Start batch-processing all combinations of ESSIDs and passwords. --verify [all] : Verify a set of randomly chosen PMKs. If 'all' is given, all invalid PMK will be deleted. --import [essid|passwd] <file> : Import a text file as a list of ESSIDs or passwords. --import cowpatty <file> : Import a cowpatty file. --export cowpatty <essid> <file> : Export to a cowpatty file. airserv-ng
A wireless card server
[email protected]:~# airserv-ng -h Airserv-ng one.6 - (C) 2007, 2008, 2009 Andrea Bittau https://world wide web.aircrack-ng.org Usage: airserv-ng <options> Options: -h : This help screen -p <port> : TCP port to heed on (default:666) -d <iface> : Wifi interface to employ -c <chan> : Channel to apply -v <level> : Debug level (1 to 3; default: ane) airtun-ng
A virtual tunnel interface creator for aircrack-ng
[email protected]:~# airtun-ng --help Airtun-ng 1.6 - (C) 2006-2020 Thomas d'Otreppe Original work: Martin Beck https://www.aircrack-ng.org usage: airtun-ng <options> <replay interface> -x nbpps : number of packets per 2d (default: 100) -a bssid : set Access Bespeak MAC address In WDS Mode this sets the Receiver -i iface : capture packets from this interface -y file : read PRGA from this file -westward wepkey : use this WEP-Fundamental to encrypt packets -p laissez passer : apply this WPA passphrase to decrypt packets (use with -a and -e) -e essid : target network SSID (apply with -p) -t tods : send frames to AP (1) or to client (0) or tunnel them into a WDS/Bridge (2) -r file : read frames out of pcap file -h MAC : source MAC address WDS/Bridge Mode options: -southward transmitter : set Transmitter MAC address for WDS Mode -b : bidirectional style. This enables communication in Transmitter'due south AND Receiver's networks. Works merely if you can run across both stations. Repeater options: --repeat : activates echo mode --bssid <mac> : BSSID to repeat --netmask <mask> : netmask for BSSID filter --help : Displays this usage screen airventriloquist-ng
Encrypted WiFi packet injection
[e-mail protected]:~# airventriloquist-ng --help Airventriloquist-ng 1.6 - (C) 2015 Tim de Waal https://www.aircrack-ng.org usage: airventriloquist-ng [options] -i <replay interface> : Interface to heed and inject on -d | --deauth : Send active deauths to encrypted stations -e | --essid <value> : ESSID of target network -p | --passphrase <val> : WPA Passphrase of target network -c | --icmp : Reply to all ICMP frames (Debug) -n | --dns : IP to resolve all DNS queries to -s | --hijack <URL> : URL to look for in HTTP requests <URL> tin have wildcards eg: *jquery*.js* -r | --redirect <URL> : URL to redirect to -v | --verbose : Verbose output --help : This super helpful message besside-ng
Scissure a WEP or WPA key without user intervention and collaborate with WPA slap-up statistics
[e-mail protected]:~# besside-ng -h Besside-ng 1.6 - (C) 2010 Andrea Bittau https://www.aircrack-ng.org Usage: besside-ng [options] <interface> Options: -b <victim mac> Victim BSSID -R <victim ap regex> Victim ESSID regex (requires PCRE) -s <WPA server> Upload wpa.cap for cracking -c <chan> chanlock -p <pps> inundation charge per unit -W WPA simply -v verbose, -vv for more, etc. -h This assist screen besside-ng-crawler
Filter EAPOL frames from a directory of capture files.
[email protected]:~# besside-ng-crawler -h Use: besside-ng-crawler <SearchDir> <CapFileOut> What does it do? Information technology recurses the SearchDir directory Opens all files in there, searching for pcap-dumpfiles Filters out a unmarried buoy and all EAPOL frames from the WPA networks in there And saves them to CapFileOut. buddy-ng
A tool to work with easside-ng
[electronic mail protected]:~# buddy-ng -h Buddy-ng i.half dozen - (C) 2007,2008 Andrea Bittau https://world wide web.aircrack-ng.org Usage: buddy-ng <options> Options: -h : This aid screen -p : Don't drib privileges dcrack
[email protected]:~# dcrack -h Unknown cmd -h dcrack v0.3 Usage: dcrack.py [Fashion] server Runs coordinator client <server addr> Runs cracker cmd <server addr> [CMD] Sends a control to server [CMD] tin can be: dict <file> cap <file> crack <bssid> remove <bssid> status easside-ng
An machine-magic tool which allows you to communicate via an WEP-encrypted AP without knowing the key
[email protected]:~# easside-ng -h Easside-ng one.6 - (C) 2007, 2008, 2009 Andrea Bittau https://www.aircrack-ng.org Usage: easside-ng <options> Options: -h : This aid screen -5 <victim mac> : Victim BSSID -m <src mac> : Source MAC address -i <ip> : Source IP address -r <router ip> : Router IP address -s <buddy ip> : Buddy-ng IP accost (mandatory) -f <iface> : Interface to use (mandatory) -c <channel> : Lock menu to this channel -northward : Decide Cyberspace IP only ivstools
Extract IVs from a pcap file or merges several .ivs files into one
[email protected]:~# ivstools -h ivsTools ane.half dozen - (C) 2006-2020 Thomas d'Otreppe https://world wide web.aircrack-ng.org usage: ivstools --convert <pcap file> <ivs output file> Extract ivs from a pcap file ivstools --merge <ivs file ane> <ivs file ii> .. <output file> Merge ivs files kstats
Show statistical FMS algorithm votes for an ivs dump and a specified WEP key
[email protected]:~# kstats -h usage: kstats <ivs file> <104-fleck key> makeivs-ng
Generate a dummy IVS dump file with a specific WEP key
[electronic mail protected]:~# makeivs-ng -h makeivs-ng 1.6 - (C) 2006-2020 Thomas d'Otreppe https://www.aircrack-ng.org usage: makeivs-ng [options] Common options: -b <bssid> : Set access point MAC address -f <num> : Number of offset 4 -k <key> : Target network WEP cardinal in hex -s <num> : Seed used to setup random generator -due west <file> : Filename to write IVs into -c <num> : Number of IVs to generate -d <num> : Percentage of dupe IVs -e <num> : Percentage of erroneous keystreams -l <num> : Length of keystreams -n : Ignores weak IVs -p : Uses prng algorithm to generate IVs --assistance : Displays this usage screen packetforge-ng
Forge packets: ARP, UDP, ICMP or custom packets.
[email protected]:~# packetforge-ng --assistance Packetforge-ng 1.vi - (C) 2006-2020 Thomas d'Otreppe Original work: Martin Brook https://world wide web.aircrack-ng.org Usage: packetforge-ng <fashion> <options> Forge options: -p <fctrl> : ready frame command word (hex) -a <bssid> : set Access Point MAC address -c <dmac> : set Destination MAC address -h <smac> : set Source MAC accost -j : set FromDS fleck -o : clear ToDS bit -e : disables WEP encryption -k <ip[:port]> : set Destination IP [Port] -fifty <ip[:port]> : set Source IP [Port] -t ttl : set Time To Live -w <file> : write packet to this pcap file -southward <size> : specify size of cypher bundle -northward <packets> : set number of packets to generate Source options: -r <file> : read packet from this raw file -y <file> : read PRGA from this file Modes: --arp : forge an ARP packet (-0) --udp : forge an UDP packet (-1) --icmp : forge an ICMP packet (-2) --null : build a cipher package (-3) --custom : build a custom parcel (-nine) --help : Displays this usage screen tkiptun-ng
Inject a few frames into a WPA TKIP network with QoS
[email protected]:~# tkiptun-ng --help Tkiptun-ng 1.6 - (C) 2008-2020 Thomas d'Otreppe https://www.aircrack-ng.org usage: tkiptun-ng <options> <replay interface> Filter options: -d dmac : MAC address, Destination -south smac : MAC address, Source -m len : minimum package length (default: 80) -n len : maximum bundle length (default: 80) -t tods : frame control, To DS bit -f fromds : frame command, From DS bit -D : disable AP detection -Z : select packets manually Replay options: -x nbpps : number of packets per second -a bssid : set Access Betoken MAC accost -c dmac : set Destination MAC accost -h smac : set Source MAC address -eastward essid : set target AP SSID -M sec : MIC error timeout in seconds [60] Debug options: -M prga : keystream for continuation -y file : keystream-file for continuation -j : inject FromDS packets -P pmk : pmk for verification/vuln testing -p psk : psk to calculate pmk with essid source options: -i iface : capture packets from this interface -r file : excerpt packets from this pcap file --help : Displays this usage screen wesside-ng
Crack a WEP key of an open up network without user intervention
[email protected]:~# wesside-ng -h Wesside-ng ane.half dozen - (C) 2007, 2008, 2009 Andrea Bittau https://world wide web.aircrack-ng.org Usage: wesside-ng <options> Options: -h : This help screen -i <iface> : Interface to utilise (mandatory) -m <my ip> : My IP address -n <net ip> : Network IP address -a <mymac> : Source MAC Accost -c : Practise not scissure the key -p <min prga> : Minimum bytes of PRGA to assemble -v <victim mac> : Victim BSSID -t <threshold> : Swell threshold -f <max chan> : Highest scanned chan (default: 11) -k <txnum> : Ignore acks and tx txnum times wpaclean
Clean wpa capture files
[email protected]:~# wpaclean -h Usage: wpaclean <out.cap> <in.cap> [in2.cap] [...] airgraph-ng
airgraph-ng is a tool to create a graph ouf of the txt file created by airodump with its -w pick. The graph shows the relationships betwixt the clients and the admission points.
Installed size: 105 KB
How to install: sudo apt install airgraph-ng
- graphviz
- python3
airgraph-ng
A 802.11 visualization utility
[email protected]:~# airgraph-ng -h usage: airgraph-ng [-h] [-o OUTPUT] [-i INPUT] [-m GRAPH_TYPE] [-d] Generate Client to AP Relationship (CAPR) and Common probe graph (CPG) from a airodump-ng CSV file optional arguments: -h, --help bear witness this assist message and exit -o OUTPUT, --output OUTPUT Our Output Image ie... Image.png -i INPUT, --input INPUT Airodump-ng txt file in CSV format. Not the pcap -m GRAPH_TYPE, --graph GRAPH_TYPE Graph Blazon Current [CAPR (Client to AP Relationship) OR CPG (Common probe graph)] -d, --dotfile Keep the dot graph file afterwards the export to the PNG paradigm has been done airodump-join
A support tool for airgraph-ng that allows you to join the airodump output files.
[email protected]:~# airodump-join -h Usage: airodump-join [options] arg1 arg2 arg3 ..... Options: -h, --help testify this assistance bulletin and get out -o OUTPUT, --output=OUTPUT output file to write to -i FILENAME, --file=FILENAME Input files to read data from requires at least two arguments Updated on: 2021-Sep-xiii
snodgrassdiffe1947.blogspot.com
Source: https://www.kali.org/tools/aircrack-ng/
Belum ada Komentar untuk "How to Capture and Read Network Traffic Using Airodump-ng"
Posting Komentar