You are here: Home » Wireless Attacks » Penetrator-WPS

Penetrator-WPS

Penetrator-WPS Description

This is experimental tool that is capable of attacking multiple WPS-enabled wireless access points in real time.

It utilizes the pixie-dust attack every time it receives M3 message, unless it is disabled with -P pixie-dust requires pixiewps to be installed.

Homepage: https://github.com/xXx-stalin-666-money-xXx/penetrator-wps

Author: David Cernak

License: GPLv2

Penetrator-WPS Help

Basic command line options:
	-h		Display help
	-i <dev>	Set monitor mode device to use
	-s		Scan for WPS enabled APs
	-c <channel>	Set channel(s)
	-b <bssid>	Set target(s)

Advanced command line options:
	-A 		Scan for WPS APs and try pixiedust on all of them
	-M 		Disable attacking multiple APs at once (only -A)
	-P 		Disable pixiewps after M3 is received
	-D 		Disable loading sessions - starts new
	-W 		Wait after every PIN attempt
	-v		verbose - print info about WPS messages etc
	-vv		verbose level 2 - print pixiewps data
	-t <seconds>	Set time limit for scanning (default 10)
	-T <ms>		Set timeout - when it occurs, resend last packet (default 1)
	-R <max>		Set maximum resends (default 5)
	-S <seconds>	Sleep after 10 failures in a row (default 60)
	-N 		Ignore NACKs (debug)

Penetrator-WPS Usage Example

1. Adding targets manually

This command will attack two APs on channel 1 at the same time, one has BSSID 11:22:33:44:55:66 and second has ESSID "example" and BSSID66:55:44:33:22:11

penetrator -i mon0 -c 1 -b 11:22:33:44:55:66 -e example -b 66:55:44:33:22:11

2. Attacking entire channel

This will scan for APs on channel 1 and attack them all at the same time

penetrator -i mon0 -c 1

3. Attacking all APs in range with pixiewps

This will scan all specified channels (or range 1-13 if nothing is specified) and will try pixie-dust attack on all of them.

There is a timeout of 1 minute for every channel, so if it fails to capture M3 message from some APs, it will just skip them.

By default, all APs on the same channel will be attacked at the same time, this can be disabled with -M

penetrator -i mon0 -A

4. Attack all WPS APs in range one by one:

penetrator -i mon0 -A -M

5. Attack all WPS APs on channels 1 and 6:

penetrator -i mon0 -A -c 1 -c 6

How to install Penetrator-WPS

apt-get install libpcap-dev libssl-dev
git clone https://github.com/xXx-stalin-666-money-xXx/penetrator-wps.git
cd penetrator-wps/
./install.sh
penetrator

Penetrator-WPS Screenshots

The program is a command-line utility.

Penetrator-WPS Tutorials

Related tools

Also recommended: