Complete suite of tools to assess WiFi network security including capture, cracking, analysis, and replay.

aircrack-ng -w wordlist.txt capture.cap

aircrack-ng -w wordlist.txt capture.cap

Powerful framework for network attacks, MITM, sniffing, and monitoring with WiFi, BLE, and HID support.

bettercap -iface wlan0mon

bettercap -iface wlan0mon

Automated wireless attack tool for WEP, WPA/WPA2, WPS with Pixie Dust support.

wifite --kill -i wlan0mon

wifite --kill -i wlan0mon

Multi-use bash script with DoS attacks, evil twin, WPS attacks, and enterprise targeting.

./airgeddon.sh

./airgeddon.sh

Capture WPA/WPA2 handshakes and PMKID from access points. Works with hashcat.

hcxdumptool -i wlan0mon -o capture.pcapng --enable_status=15

hcxdumptool -i wlan0mon -o capture.pcapng --enable_status=15

Portable solution for conversion of packet captures to hashcat/JtR formats.

hcxpcapngtool -o hash.hc22000 capture.pcapng

hcxpcapngtool -o hash.hc22000 capture.pcapng

Targeted evil twin attacks against WPA2-Enterprise networks with credential harvesting.

./eaphammer --cert-wizard

./eaphammer --cert-wizard

WiFi testing tool for DoS attacks, beacon flooding, deauthentication, and more.

mdk4 wlan0mon d -c 6

mdk4 wlan0mon d -c 6

WPS PIN brute force attack tool for WPS-enabled routers.

reaver -i wlan0mon -b AA:BB:CC:DD:EE:FF -vv

reaver -i wlan0mon -b AA:BB:CC:DD:EE:FF -vv

Alternative WPS brute force tool with Pixie Dust attack support.

bully wlan0mon -b AA:BB:CC:DD:EE:FF -d -v 3

bully wlan0mon -b AA:BB:CC:DD:EE:FF -d -v 3

Automated phishing attacks against WiFi networks for credential harvesting.

wifiphisher -aI wlan0 -jI wlan1

wifiphisher -aI wlan0 -jI wlan1

Social engineering tool for WPA key recovery with captive portal attacks.

./fluxion.sh

./fluxion.sh

Wireless network detector, sniffer, and IDS with web interface and extensive protocol support.

kismet -c wlan0mon

kismet -c wlan0mon

Graphical WiFi scanner showing channels, security, signal strength, and vendor info.

linssid

linssid

Identify WPS-enabled access points and check for Pixie Dust vulnerability.

wash -i wlan0mon

wash -i wlan0mon

Packet capture tool for raw 802.11 frames, part of Aircrack-ng suite.

airodump-ng wlan0mon

airodump-ng wlan0mon

Lightweight 802.11 wireless LAN analyzer with ncurses interface.

horst -i wlan0mon

horst -i wlan0mon

WiFi spectrum analyzer with GPS tracking for wardriving and heatmaps.

sparrow-wifi

sparrow-wifi

World's fastest password cracker with GPU acceleration. Supports WPA/WPA2/WPA3.

hashcat -m 22000 capture.hc22000 wordlist.txt

hashcat -m 22000 capture.hc22000 wordlist.txt

Open-source password cracker with WiFi hash support via wpapsk format.

john --wordlist=rockyou.txt --format=wpapsk hashes.txt

john --wordlist=rockyou.txt --format=wpapsk hashes.txt

WPA-PSK dictionary attack tool with precomputed hash support.

cowpatty -f wordlist.txt -r capture.cap -s ESSID

cowpatty -f wordlist.txt -r capture.cap -s ESSID

WPA/WPA2 cracker utilizing GPU and cloud computing for massive speed.

pyrit -r capture.cap -i wordlist.txt attack_passthrough

pyrit -r capture.cap -i wordlist.txt attack_passthrough

Bluetooth Low Energy Swiss Army knife for sniffing, jamming, and hijacking.

btlejack -f 0x9c68fd30 -t -m

btlejack -f 0x9c68fd30 -t -m

BLE device discovery, MITM attacks, and characteristic manipulation.

bettercap --eval 'ble.recon on'

bettercap --eval 'ble.recon on'

Official Linux Bluetooth protocol stack with scanning and management tools.

hcitool scan; bluetoothctl

hcitool scan; bluetoothctl

Open-source 2.4 GHz wireless development platform for Bluetooth experimentation.

ubertooth-btle -f

ubertooth-btle -f

Crack BLE encryption to decrypt captured traffic.

crackle -i capture.pcap

crackle -i capture.pcap

Generic Attribute Profile (GATT) tool for BLE device interaction.

gatttool -b AA:BB:CC:DD:EE:FF -I

gatttool -b AA:BB:CC:DD:EE:FF -I

Investigate wireless protocols like a boss with signal analysis, modulation, and reverse engineering.

urh

urh

Software-defined radio receiver powered by GNU Radio and Qt GUI.

gqrx

gqrx

Free software development toolkit for signal processing and SDR.

gnuradio-companion

gnuradio-companion

Software-defined radio attack tool for rolling code and frequency hopping.

python rfcrack.py

python rfcrack.py

Offline radio signal analyser for visualizing captured RF data.

inspectrum capture.cu8

inspectrum capture.cu8

Generic data receiver for ISM band devices (433.92 MHz, 868 MHz, 915 MHz).

rtl_433 -f 433.92M

rtl_433 -f 433.92M

Dual-band AC1200 WiFi adapter with monitor mode and packet injection (chipset: RTL8812AU).

N/A - Hardware

N/A - Hardware

High-power 802.11n adapter, excellent for long-range attacks (chipset: AR9271).

N/A - Hardware

N/A - Hardware

Budget-friendly adapter with monitor mode support (chipset: AR9271). Beware v2/v3!

N/A - Hardware

N/A - Hardware

Purpose-built pentesting platform for MITM, evil twin, and reconnaissance.

Web Interface

Web Interface

Half-duplex SDR transceiver covering 1 MHz to 6 GHz. Hardware hacking workhorse.

hackrf_info

hackrf_info

Budget SDR receiver (RX only) for 500 kHz to 1.7 GHz. Perfect for learning.

rtl_test

rtl_test

Open-source 2.4 GHz development platform specifically for Bluetooth research.

ubertooth-util -v

ubertooth-util -v

Sub-1 GHz RF transceiver for testing <1 GHz wireless devices (RfCat compatible).

rfcat -r

rfcat -r

Portable multi-tool for pentesting and debugging digital hardware with sub-GHz, RFID, NFC, IR.

Web Interface

Web Interface

RFID/NFC research tool for reading, writing, and emulating RFID/NFC tags.

pm3

pm3