Wireless Testing Tools

Complete suite of tools to assess WiFi network security including capture, cracking, analysis, and replay.

aircrack-ng -w wordlist.txt capture.cap

Powerful framework for network attacks, MITM, sniffing, and monitoring with WiFi, BLE, and HID support.

bettercap -iface wlan0mon

Automated wireless attack tool for WEP, WPA/WPA2, WPS with Pixie Dust support.

wifite --kill -i wlan0mon

Multi-use bash script with DoS attacks, evil twin, WPS attacks, and enterprise targeting.

./airgeddon.sh

Capture WPA/WPA2 handshakes and PMKID from access points. Works with hashcat.

hcxdumptool -i wlan0mon -o capture.pcapng --enable_status=15

Portable solution for conversion of packet captures to hashcat/JtR formats.

hcxpcapngtool -o hash.hc22000 capture.pcapng

Targeted evil twin attacks against WPA2-Enterprise networks with credential harvesting.

./eaphammer --cert-wizard

WiFi testing tool for DoS attacks, beacon flooding, deauthentication, and more.

mdk4 wlan0mon d -c 6

WPS PIN brute force attack tool for WPS-enabled routers.

reaver -i wlan0mon -b AA:BB:CC:DD:EE:FF -vv

Alternative WPS brute force tool with Pixie Dust attack support.

bully wlan0mon -b AA:BB:CC:DD:EE:FF -d -v 3

Automated phishing attacks against WiFi networks for credential harvesting.

wifiphisher -aI wlan0 -jI wlan1

Social engineering tool for WPA key recovery with captive portal attacks.

./fluxion.sh

Wireless network detector, sniffer, and IDS with web interface and extensive protocol support.

kismet -c wlan0mon

Graphical WiFi scanner showing channels, security, signal strength, and vendor info.

linssid

Identify WPS-enabled access points and check for Pixie Dust vulnerability.

wash -i wlan0mon

Packet capture tool for raw 802.11 frames, part of Aircrack-ng suite.

airodump-ng wlan0mon

Lightweight 802.11 wireless LAN analyzer with ncurses interface.

horst -i wlan0mon

WiFi spectrum analyzer with GPS tracking for wardriving and heatmaps.

sparrow-wifi

World's fastest password cracker with GPU acceleration. Supports WPA/WPA2/WPA3.

hashcat -m 22000 capture.hc22000 wordlist.txt

Open-source password cracker with WiFi hash support via wpapsk format.

john --wordlist=rockyou.txt --format=wpapsk hashes.txt

WPA-PSK dictionary attack tool with precomputed hash support.

cowpatty -f wordlist.txt -r capture.cap -s ESSID

WPA/WPA2 cracker utilizing GPU and cloud computing for massive speed.

pyrit -r capture.cap -i wordlist.txt attack_passthrough

Bluetooth Low Energy Swiss Army knife for sniffing, jamming, and hijacking.

btlejack -f 0x9c68fd30 -t -m

BLE device discovery, MITM attacks, and characteristic manipulation.

bettercap --eval 'ble.recon on'

Official Linux Bluetooth protocol stack with scanning and management tools.

hcitool scan; bluetoothctl

Open-source 2.4 GHz wireless development platform for Bluetooth experimentation.

ubertooth-btle -f

Crack BLE encryption to decrypt captured traffic.

crackle -i capture.pcap

Generic Attribute Profile (GATT) tool for BLE device interaction.

gatttool -b AA:BB:CC:DD:EE:FF -I

Investigate wireless protocols like a boss with signal analysis, modulation, and reverse engineering.

urh

Software-defined radio receiver powered by GNU Radio and Qt GUI.

gqrx

Free software development toolkit for signal processing and SDR.

gnuradio-companion

Software-defined radio attack tool for rolling code and frequency hopping.

python rfcrack.py

Offline radio signal analyser for visualizing captured RF data.

inspectrum capture.cu8

Generic data receiver for ISM band devices (433.92 MHz, 868 MHz, 915 MHz).

rtl_433 -f 433.92M

Dual-band AC1200 WiFi adapter with monitor mode and packet injection (chipset: RTL8812AU).

N/A - Hardware

High-power 802.11n adapter, excellent for long-range attacks (chipset: AR9271).

N/A - Hardware

Budget-friendly adapter with monitor mode support (chipset: AR9271). Beware v2/v3!

N/A - Hardware

Purpose-built pentesting platform for MITM, evil twin, and reconnaissance.

Web Interface

Half-duplex SDR transceiver covering 1 MHz to 6 GHz. Hardware hacking workhorse.

hackrf_info

Budget SDR receiver (RX only) for 500 kHz to 1.7 GHz. Perfect for learning.

rtl_test

Open-source 2.4 GHz development platform specifically for Bluetooth research.

ubertooth-util -v

Sub-1 GHz RF transceiver for testing <1 GHz wireless devices (RfCat compatible).

rfcat -r

Portable multi-tool for pentesting and debugging digital hardware with sub-GHz, RFID, NFC, IR.

Web Interface

RFID/NFC research tool for reading, writing, and emulating RFID/NFC tags.

pm3