Learn how to attack wireless networks
Learn about exploiting wireless networks, including protocols, Wi-Fi authentication and weak points.
This skills course also covers
⇒ Attacking wireless networks
⇒ Tools and techniques used to break into passwords
Last year, I wrote an article covering popular wireless hacking tools to crack or recover password of wireless network. We added 13 tools in that article which were popular and work great. Now I am updating that post to add few more in that list.
I will not explain about wireless security and WPA/WEP. You can read the existing article on wireless hacking tools to learn about them. In this post, I am updating the existing list to add few more powerful tools. I am adding seven new tools in the existing list to give you a single list of the most used wireless cracking tools.
Aircrack is the most popular and widely-known wireless password cracking tool. It is used as 802.11 WEP and WPA-PSK keys cracking tool around the globe. It first captures packets of the network and then try to recover password of the network by analyzing packets. It also implements standard FMS attacks with some optimizations to recover or crack password of the network. optimizations include KoreK attacks and PTW attack to make the attack much faster than other WEP password cracking tools. This tool is powerful and used most widely across the world. This is the reason I am adding it at the top of the list.
It offers console interface. If you find this tool hard to use, you can try the available online tutorials. Company behind this tool also offers online tutorial to let you learn by yourself.
AirSnort is another popular wireless LAN password cracking tool. It can crack WEP keys of Wi-Fi802.11b network. This tool basically operates by passively monitoring transmissions and then computing the encryption key when enough packets have been gathered. This tool is freely available for Linux and Windows platform. It is also simple to use. The tool has not been updated for around three years, but it seems that company behind this tool is now interested in further development. This tool is also directly involved in WEP cracking and hence used widely.
Download AirSnort: http://sourceforge.net/projects/airsnort/
Kismet is another Wi-Fi 802.11 a/b/g/n layer 2 wireless network sniffer and intrusion detection system. This tool is basically used in Wi-Fi troubleshooting. It works fine with any Wi-Fi card supporting rfmon mode. It is available for Windows, Linux, OS X and BSD platforms. This tool passively collects packets to identify standard network and also detects the hidden networks. Built on a client server modular architecture, this tool can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. It is an open source tool and supports recent faster wireless standards.
Download Kismet: http://www.kismetwireless.net/download.shtml
4. Cain & Able
Cain & Able is another popular tool used for cracking wireless network passwords. This tool was developed to intercept the network traffic and then use the brute forcing to discover the passwords. This is why this tool helps a lot while finding the password of wireless network by analyzing the routing protocols. This tool can also be used to crack other kind of passwords. It is one of the most popular password cracking tools.
This tool is not just for WEP cracking but various other features are also there. It is basically used for Windows password cracking. This is the reason this tool is so popular among users.
Download Cain & Able: http://www.oxid.it/cain.html
WireShark is a very popular tool in networking. It is the network protocol analyzer tool which lets you check different things in your office or home network. You can live capture packets and analyze packets to find various things related to network by checking the data at the micro-level. This tool is available for Windows, Linux, OS X, Solaris, FreeBSD and other platforms.
If you are thinking to try this tool, I recommend you to first read about networking and protocols. WireShark requires good knowledge of network protocols to analyze the data obtained with the tool. If you do not have good knowledge of that, you may not find this tool interesting. So, try only if you are sure about your protocol knowledge.
Wireshark does is one of the most popular tool in networking and this is why it was included in this list in higher position.
Download Wireshark: https://www.wireshark.org/
6. Fern WiFi Wireless Cracker
Fern WiFi Wireless Cracker is another nice tool which helps with network security. It lets you see real-time network traffic and identify hosts. Basically this tool was developed to find flaws in computer networks and fixes the detected flaws. It is available for Apple, Windows and Linux platforms.
it is able to crack and recover WEP/WPA/WPS keys easily. It can also run other network based attacks on wireless or Ethernet based networks. For cracking WPA/WPA2, it uses WPS based on dictionary based attacks. For WEP cracking, it uses Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack.
This tool is in active development. SO, you can expect timely update with new features. Pro version of the tool is also available which offers much features.
Download Fern WiFi Wireless cracker: http://www.fern-pro.com/downloads.php
CoWPAtty is another nice wireless password cracking tool. It is an automated dictionary attack tool for WPA-PSK to crack the passwords. It runs on Linux OS and offers a less interesting command line interface to work with. It runs on a word-list containing thousands of password to use in the attack. If the password is in the password’s word-list, this tool will surely crack the password. But this tool is slow and speed depends on the word list and password’s strength. Another reason for slow process is that the hash uses SHA1 with a seed of SSID. It means the same password will have a different SSIM. So, you cannot simply use the rainbow table against all access points. So, the tool uses the password dictionary and generates the hash for each word contained in the dictionary by using the SSID. This tool is simple to use with available commands.
With the newer version of the tool CoWPAtty tried to improve the speed by using a pre-computed hash file to avoid the computation at the time of cracking. This pre-computed file contains around 172000 dictionary file for around 1000 most popular SSIDs. But for successful attack, your SSID must be in that list. If your SSID is not in those 1000, you are unlucky. Still, you can try this tool to see how it works.
Download CoWPAtty: http://sourceforge.net/projects/cowpatty/
Airjack is a Wi-Fi 802.11 packet injection tool. It is used to perform DOS attack and MIM attack. This wireless cracking tool is very useful in injecting forged packets and making a network down by denial of service attack. This tool can also be used for a man in the middle attack in the network. This tool is popular and powerful both.
Download AirJack: http://sourceforge.net/projects/airjack/
WepAttack is another working open source Linux tool for breaking 802.11 WEP keys. Like few other tools in the list, this tool also performs an active dictionary attack. It tests millions of words from its dictionary to find the working key for the network. Only a working WLAN card is required to work with WepAttack to perform the attack. Limited usability but works awesome on supported WLAN cards.
Download WepAttack: http://wepattack.sourceforge.net/
NetStumbler is another wireless password cracking tool available only for Windows platform. It helps in finding open wireless access points. This tool is freely available. Basically NetStumbler is used for wardriving, verifying network configurations, finding locations with a poor network, detecting unauthorized access points, and more.
This tool is not very effective now. Main reason is that last stable release of the tool was back in April 2004 around 11 years ago. So, it does not work with 64-bit Windows OS. It can also be easily detected with most of the wireless intrusion detection systems available. So, you can use this tool for learning purpose on home network to see how it works.
A trimmed down version dubbed as ‘MiniStumbler’ of the tool is also available. This tool is too old but it still works fine on supported systems. So, I included it in this list.
Download NetStumbler: http://www.stumbler.net/
inSSIDer is one of the most popular Wi-Fi scanner for Microsoft Windows and OS X platforms. This tool was released under open source license and also awarded as “Best Open Source Software in Networking”. Later it became premium tool and now costs $19.99. The inSSIDer Wi-Fi scanner can do various tasks, including finding open Wi-Fi access points, tracking signal strength, and saving logs with GPS records. Basically this tool is used by network administrators to find the issues in the wireless networks
Download inSSIDer: http://www.inssider.com/
Wifiphisher is another nice hacking tool to get password of a wireless network. This tool can execute fast automated phishing attack against a Wi-Fi wireless network to steal passwords. This tool comes pre-installed on Kali Linux. It is free to use and is available for Windows, MAC and Linux.
Download and read more about WiFiphisher:
KisMac is tool very much similar to Kismet, we added in the list above. It offers features similar to Kismet and is used as wireless network discovery hacking tool. As the name suggests, this tool is only available for Mac. It scans for networks passively only on supported wireless cards and then try to crack WEP and WPA keys by using brute force or exploiting any flaw.
Reaver is an open-source tool for performing brute force attack against WPS to recover WPA/WPA2 pass keys. This tool is hosted on Google Code and may disappear soon if developer has not migrated it to another platform. It was last updated around 4 years ago. Similar to other tools, this tool can be a good alternate to other tools in the list which use same attack method.
Wifite is also a nice tool which supports cracking WPS encrypted networks via reaver. It works on Linux based operating systems. It offers various nice features related to password cracking.
Download Wifite: https://github.com/derv82/wifite
We have a complete article on Wifite. Read wifite walkthrough.
WepDecrypt is another wireless LAN tool written in C language. This tool can guess the WEP keys by performing dictionary attack, distributed network attack, key generator and some other methods. This tool needs few libraries to work. You can read more details on the download page. Tool is not so popular but it is good for beginners to see how dictionary attack works.
Download and read more about WepDecrypt:
OmniPeek is a packet sniffer and network packets analyzer tool. This tool is only available for Windows platform and is available for commercial use only. It also requires you to have good knowledge of network protocols and understanding of network packets. It works with most of the network interface cards available in market. With available plugins, this tool can become more powerful. Around 40 plugins are already available to extend the functions of this tool.
CloudCracker is an online password cracking tool to crack WPA keys of Wireless network. This tool can also be used to crack various other kind of password hashes. You only need to upload the handshake file and enter the network name to start the attack. With 3000 million words long dictionary, this tool is most likely to crack the password. This tool is also used for MD5, SHA and few other cracking. It is also an effective tool and worth to mention if we talk about wireless cracking tools.
See CloudCracker: https://crack.sh/
19. CommonView for Wi-Fi
CommonView for Wi-Fi is also a popular wireless network monitor and packer analyzer tool. It comes with easy to understand and use GUI to work with. This tool is basically for Wi-Fi network admins and security professionals who want to monitor and troubleshoot network related problems. It works fine with Wi-Fi 802.11 a/b/g/n/ac networks. It captures every single packet and lets you see useful information of the network. You can also get useful information like protocol distribution, access points, signal strength and more. This tool offers key information about a network and has a good value for network admins.
Download CommonView: http://www.tamos.com/products/commwifi/
Pyrit is also a very good tool which lets you perform attack on IEEE 802.11 WPA/WPA2-PSK authentication. This tool is available for free and is hosted on Google Code. SO, it could be disappearing in coming months. It works on range of platforms including FreeBSD, MacOS X and Linux.
It performs brute-force attack to crack the WPA/WPA-2 passwords. It is very effective and I recommend you to try it once. Due to its effectiveness, it was necessary to mention this tool in this list.
Ethical Hacking Training
In this post, I added twenty working wireless cracking tools available for free or in open source licenses. You can try these tools to get access to a wireless network without knowing its password. Most of the tools are capable of cracking wireless network passwords but password cracking time may vary depending on the password’s complexity and length. Few tools cannot be directly used in cracking wireless passwords but packet analysis helps in guessing password.
I also recommend the use of these tools just for learning purpose. We do not encourage illegal activities and do not support these kind of people. Hacking wireless network to get unauthorized access is a cyber-crime. So, do not put yourself into a risk.
If you are into network security profession, you must know about these tools.
I tried my best to provide most of the available popular wireless hacking tools. If you have any suggestion, you can comment below to suggest us.