
WiFite

WiFite Description

WiFite attacks multiple WEP, WPA, and WPS encrypted networks in a row. The tool is customizable and can be automated with only a few arguments. Wifite aims to be the "set it and forget it" wireless auditing tool.

Features

  • sorts targets by signal strength (in dB); cracks closest access points first
  • automatically de-authenticates clients of hidden networks to reveal SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, etc)
  • "anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all captured WPA handshakes are backed up to wifite.py's current directory
  • smart WPA de-authentication; cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to cracked.txt
  • built-in updater: ./wifite.py -upgrade

Homepage: https://github.com/derv82/wifite2

Author: derv merkler

License: GPLv2

WiFite Help

optional arguments:
  -h, --help           show this help message and exit

SETTINGS:
  -i [interface]       Wireless interface to use (default: ask)
  -c [channel]         Wireless channel to scan (default: all channels)
  -5, --5ghz           Include 5Ghz channels (default: off)
  -b [bssid]           BSSID (e.g. AA:BB:CC:DD:EE:FF) of access point to attack
  -e [essid]           ESSID (name) of access point to attack
  -v, --verbose        Verbose mode, prints more lines (default: quiet)

WEP-RELATED:
  --wep                Filter to display WEP-encrypted networks (default: off)
  --require-fakeauth   Fails attacks if fake-auth fails (default: off)
  --pps [pps]          Packets Per Second to replay (default: 600 pps)
  --wept [seconds]     Seconds to wait before failing (default: 600 sec)
  --wepca [ivs]        Start cracking at this many IVs (default: 10000 ivs)
  --weprs [seconds]    Restart aireplay if no new IVs appear (default: 11 sec)
  --weprc [seconds]    Restart aircrack after this delay (default: 30 sec)
  --arpreplay          Use ARP-replay WEP attack (default: on)
  --fragment           Use fragmentation WEP attack (default: on)
  --chopchop           Use chop-chop WEP attack (default: on)
  --caffelatte         Use caffe-latte WEP attack (default: on)
  --p0841              Use p0841 WEP attack (default: on)
  --hirte              Use ARP-replay WEP attack (default: on)

WPA-RELATED:
  --wpa                Filter to display WPA-encrypted networks (includes WPS)
  --wpadt [seconds]    Time to wait between sending Deauths (default: 10 sec)
  --wpat [seconds]     Time to wait before failing WPA attack (default: 500 sec)
  --hs-dir [dir]       Directory to store handshake files (default: hs)
  --dict [file]        File containing passwords for cracking (default: None)
  --strip              Strip unnecessary packets from handshake capture using tshark or pyrit

WPS-RELATED:
  --wps                Filter to display WPS-enabled networks
  --reaver             ONLY use Reaver on WPS networks (default: off)
  --no-reaver          Do NOT use Reaver on WPS networks (default: off)
  --pixie              Only use the WPS Pixie-Dust attack (default: off)
  --pixiet [seconds]   Time to wait before failing PixieDust attack (default: 300 sec)
  --pixiest [seconds]  Time to wait for a step to progress before failing PixieDust attack (default: 30 sec)
  --wpst [seconds]     Time to wait before failing WPS PIN attack (default: 600 sec)
  --wpsmr [retries]    Maximum number of Retries before failing (default: 20)
  --wpsmf [fails]      Maximum number of Reaver Failures before failing attack (default: 30)
  --wpsmt [timeouts]   Maximum number of Timeouts before stopping (default: 30)
  --ignore-ratelimit   Ignores attack if WPS is rate-limited (default: on)

COMMANDS:
  --cracked            Display previously-cracked access points
  --check [file]       Check a .cap file (or all hs/*.cap files) for WPA handshakes

WiFite Usage Example

Attack access points with over 50 dB of power (-pow 50) using the WPS attack (-wps):

wifite -pow 50 -wps

How to install WiFite

The program is pre-installed on Kali Linux.

Installation on Linux (Debian, Mint, Ubuntu)

Required Programs

Please see the installation guide on the wiki for help installing any of the tools below.

  • Python 2.7.x. Wifite is a Python script and requires Python to run.
  • aircrack-ng suite. This is absolutely required. The specific programs used in the suite are:
      • airmon-ng
      • airodump-ng
      • aireplay-ng
      • packetforge-ng
      • aircrack-ng
  • Standard Linux programs: iwconfig, ifconfig, which, iw

Suggested Programs

  • reaver, a Wifi-Protected Setup (WPS) attack tool. Reaver includes a scanner "walsh" (or "wash") for detecting WPS-enabled access points. Wifite uses Reaver to scan for and attack WPS-enabled routers.
  • pyrit, a GPU cracker for WPA PSK keys. Wifite uses pyrit (if found) to detect handshakes. In the future, Wifite may include an option to crack WPA handshakes via pyrit.
  • tshark. Comes bundled with Wireshark, packet sniffing software.
  • cowpatty, a WPA PSK key cracker. Wifite uses cowpatty (if found) to detect handshakes.

wget https://raw.github.com/derv82/wifite/master/wifite.py
chmod +x wifite.py
sudo ./wifite.py
