Skip to main content

Aircrack-ng

Aircrack-ng is fast and efficient Wi-Fi security testing tool with extensive functionality and strong community support. - Charlie Miller

What is the purpose of Aircrack-ng?

Aircrack-ng is an open source tool suite designed to assess, test WiFi network security. Here are the primary uses of Aircrack-ng:

  • Packet Capture and Injection: Aircrack-ng captures packets from a Wi-Fi network, enabling detailed analysis of the traffic. It also supports packet injection, which is essential for testing network security and conducting penetration tests.

  • WEP and WPA/WPA2-PSK Cracking: The tool can crack WEP keys and WPA/WPA2-PSK passwords by using captured packets and performing brute force or dictionary attacks, its provides to users identification of weak encryption practices.

  • Network Monitoring: Aircrack-ng includes tools for real-time network monitoring, allowing users to observe network activity, identify connected devices and export of data to text files for further processing by third party tools

  • Attack vectors: Replay attacks, deauthentication, fake access points and others via packet injection. The packet injection can provides to know users to current activites reality. In addition Aircrack -ng attacks play an active role in deauthentication.

  • Compatibility: The Aircrack -ng tool is compatible with other operating systems. For example Linux, Windows and MacOS. This allows the Aircrack -ng tool to be used by more users and environments.

Core Features

  • WEP and WPA/WPA2 Cracking
  • Packet Capture
  • Network Monitoring
  • Packet Injection
  • Dictionary and Wordlist Attacks
  • Deauthentication Attacks
  • Replay Attacks
  • Network Analysis and Statistics

Data sources

  • Captured Packets
  • Handshake Files
  • Wordlists
  • Network Scans
  • Probe Requests and Responses
  • Deauthentication Frames

Common Aircrack-ng Commands

1. Capture Packets

  • This command captures packets from a specified wireless interface and saves them in a spesific file.
airodump-ng <interface>

2. Crack WEP Key

  • This command cracks a WEP key using the captured packets. Cryptographic attacks can be used to reveal the real password.
aircrack-ng -b <BSSID> <capture_file>

3. Crack WPA/WPA2-PSK Key

  • This command cracks a WPA/WPA2-PSK key using a wordlist and the captured handshake. It attempts to match the captured password key with possible passphrases from the wordlist.
aircrack-ng -w <wordlist> -b <BSSID> <capture_file>

4. Monitor Mode

  • This command enables monitor mode on a specified wireless interface connection. Monitor mode is required to be able to read and display all packets on the wireless link.
airmon-ng start <interface>

5. Deauthenticate Clients

  • This command deauthenticates clients of an access point to capture the handshake; in other words, it forcibly kicks clients off the system. So that they will try and reconnect their connection, hence giving you a chance to capture the handshake and entering the system.
aireplay-ng --deauth <count> -a <BSSID> -c <client_MAC> <interface>

6. Fake Authentication

  • This command provides fake authentication to an access point. It assists in associating with an access point without knowing a valid password; many times, it is a prerequisite to further attacks.
aireplay-ng -1 0 -e <ESSID> -a <BSSID> -h <MAC_address> <interface>

7. ARP Request Replay

  • This command performs an ARP(The Address Resolution Protocol) request replay attack to generate traffic. This traffic makes the process of cracking WEB keys easier and faster. This makes the Aircrack -ng tool more functional.
aireplay-ng -3 -b <BSSID> -h <MAC_address> <interface>

8. Packet Injection Test

  • This command tests packet injection capabilities of the wireless interface. Successful packet injection is critical for network conneciton attacks.
aireplay-ng -9 <interface>

9. Stop Monitor Mode

  • This turns off monitor mode on any wireless interface. Returns the interface to managed mode, returning it to normal networking. It's sort of the final stage of the attack. The programme stops running.
airmon-ng stop <interface>

10. Help and Usage Information

  • This command displays the help menu and usage information for Aircrack-ng. It provides an overview of available options and command syntax.
aircrack-ng -h

Alternative usage:

aircrack-ng --help

Output Examples of Aircrack-ng Commands

CommandExample UsageFunctionOutput Example
Monitor Modeairmon-ng start wlan0Enables monitor mode on wlan0 interface.Interface wlan0 set to monitor mode on channel 6
Stop Monitor Modeairmon-ng stop wlan0Stops monitor mode on wlan0 interface.Interface wlan0 set to managed mode
Capture Packetsairodump-ng wlan0Captures packets on wlan0 interface.CH 9 ][ Elapsed: 10 s ][ 2024-08-07 18:25 ]
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
AA:BB:CC:DD:EE:FF -30 10 20 0 6 54e WPA2 CCMP PSK MyNetwork
Use a Specific Channelairodump-ng --channel 6 wlan0Captures packets on a specified channel.CH 6 ][ Elapsed: 10 s ][ 2024-08-07 18:25 ]
Start WPA Handshake Captureairodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0Captures WPA handshake for cracking later.Waiting for packets...
Deauthenticate Clientsaireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF -c 00:11:22:33:44:55 wlan0Deauthenticates clients from access point.Sending 64 directed DeAuth. STMAC: [00:11:22:33:44:55]
Fake Authenticationaireplay-ng -1 0 -e MyNetwork -a AA:BB:CC:DD:EE:FF -h 00:11:22:33:44:55 wlan0Performs fake authentication with access point.Association successful :-)
Packet Injection Testaireplay-ng -9 wlan0Tests packet injection capabilities.Injection is working!
ARP Request Replayaireplay-ng -3 -b AA:BB:CC:DD:EE:FF -h 00:11:22:33:44:55 wlan0Performs ARP request replay attack.The AP appears to drop packets of length: 68
Start WEP Attackaircrack-ng -b AA:BB:CC:DD:EE:FF -w wordlist.txt capture.capStarts WEP attack using a wordlist.Attempting to crack WEP key...
Crack WEP Keyaircrack-ng -b AA:BB:CC:DD:EE:FF capture.capCracks WEP key using capture file.KEY FOUND! [ 12:34:56:78:90 ]
Crack WPA/WPA2-PSK Keyaircrack-ng -w rockyou.txt -b AA:BB:CC:DD:EE:FF capture.capCracks WPA/WPA2-PSK key using wordlist.Passphrase not in dictionary
Read 100000 packets...
Capture PMKID for WPA/WPA2hcxdumptool -i wlan0 -o capture.pmkidCaptures PMKID for WPA/WPA2 cracking.PMKID: XX:XX:XX:XX:XX:XX
Use Precomputed Hashesaircrack-ng -m 2500 -b AA:BB:CC:DD:EE:FF -w hashes.txt capture.capUses precomputed hashes for cracking WPA/WPA2.Cracking with precomputed hashes...
Create a Fake APairbase-ng -e MyNetwork -c 6 wlan0Creates a fake access point for phishing.Starting fake access point...
WEP Injection Attackaireplay-ng -2 -b AA:BB:CC:DD:EE:FF -h 00:11:22:33:44:55 wlan0Sends injection packets to perform a WEP attack.Injection successful!