Wifite Package Description

To attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.

Features:

  • sorts targets by signal strength (in dB); cracks closest access points first
  • automatically de-authenticates clients of hidden networks to reveal SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, etc)
  • “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all captured WPA handshakes are backed up to wifite.py’s current directory
  • smart WPA de-authentication; cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to cracked.txt

Source: https://code.google.com/p/wifite/
Wifite Homepage | Kali Wifite Repo

  • Author: derv merkler
  • License: GPLv2

Tools included in the wifite package

wifite – Automated wireless auditor
root@kali:~# wifite -h

  .;'                     `;,
 .;'  ,;'             `;,  `;,   WiFite v2 (r85)
.;'  ,;'  ,;'     `;,  `;,  `;,
::   ::   :   ( )   :   ::   ::  automated wireless auditor
':.  ':.  ':. /_\ ,:'  ,:'  ,:'
 ':.  ':.    /___\    ,:'  ,:'   designed for Linux
  ':.       /_____\      ,:'
           /       \

   COMMANDS
    -check <file>   check capfile <file> for handshakes.
    -cracked        display previously-cracked access points

   GLOBAL
    -all            attack all targets.              [off]
    -i <iface>      wireless interface for capturing [auto]
    -mac            anonymize mac address            [off]
    -c <channel>    channel to scan for targets      [auto]
    -e <essid>      target a specific access point by ssid (name)  [ask]
    -b <bssid>      target a specific access point by bssid (mac)  [auto]
    -showb          display target BSSIDs after scan               [off]
    -pow <db>       attacks any targets with signal strenghth > db [0]
    -quiet          do not print list of APs during scan           [off]


   WPA
    -wpa            only target WPA networks (works with -wps -wep)   [off]
    -wpat <sec>     time to wait for WPA attack to complete (seconds) [500]
    -wpadt <sec>    time to wait between sending deauth packets (sec) [10]
    -strip          strip handshake using tshark or pyrit             [off]
    -crack <dic>    crack WPA handshakes using <dic> wordlist file    [off]
    -dict <file>    specify dictionary to use when cracking WPA [phpbb.txt]
    -aircrack       verify handshake using aircrack [on]
    -pyrit          verify handshake using pyrit    [off]
    -tshark         verify handshake using tshark   [on]
    -cowpatty       verify handshake using cowpatty [off]

   WEP
    -wep            only target WEP networks [off]
    -pps <num>      set the number of packets per second to inject [600]
    -wept <sec>     sec to wait for each attack, 0 implies endless [600]
    -chopchop       use chopchop attack      [on]
    -arpreplay      use arpreplay attack     [on]
    -fragment       use fragmentation attack [on]
    -caffelatte     use caffe-latte attack   [on]
    -p0841          use -p0841 attack        [on]
    -hirte          use hirte (cfrag) attack [on]
    -nofakeauth     stop attack if fake authentication fails    [off]
    -wepca <n>      start cracking when number of ivs surpass n [10000]
    -wepsave        save a copy of .cap files to this directory [off]

   WPS
    -wps        only target WPS networks         [off]
    -wpst <sec>     max wait for new retry before giving up (0: never)  [660]
    -wpsratio <per> min ratio of successful PIN attempts/total tries    [0]
    -wpsretry <num> max number of retries for same PIN before giving up [0]

   EXAMPLE
    ./wifite.py -wps -wep -c 6 -pps 600

 [+] quitting

wifite Usage Example

Attack access points with over 50 dB of power (-pow 50) using the WPS attack (-wps):

root@kali:~# wifite -pow 50 -wps

  .;'                     `;,    
 .;'  ,;'             `;,  `;,   WiFite v2 (r85)
.;'  ,;'  ,;'     `;,  `;,  `;,  
::   ::   :   ( )   :   ::   ::  automated wireless auditor
':.  ':.  ':. /_\ ,:'  ,:'  ,:'  
 ':.  ':.    /___\    ,:'  ,:'   designed for Linux
  ':.       /_____\      ,:'    
           /       \            

 [+] targeting WPS-enabled networks

 [+] scanning for wireless devices...
 [+] enabling monitor mode on wlan0... done
 [+] initializing scan (mon0), updates at 5 sec intervals, CTRL+C when ready.
Menu