You are here: Home » Wireless Attacks » coWPAtty


coWPAtty Description

Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.

Together with coWPAtty comes genpmk tool, which can make a preliminary calculation of the PMK file. Nevertheless, the process of rendering the necessary data can be significantly speeded up by using a properly configured Pyrit or Hashcat, which can use the power of the graphics processor for calculations.


Author: Joshua Wright

License: GPLv2

coWPAtty Help


cowpatty [options]


	-f 	Dictionary file
	-d 	Hash file (genpmk)
	-r 	Packet capture file
	-s 	Network SSID (enclose in quotes if SSID includes spaces)
	-c 	Check for valid 4-way frames, does not crack
	-h 	Print this help information and exit
	-v 	Print verbose information (more -v for more verbosity)
	-V 	Print program version and exit

genpmk Help


genpmk [options]


	-f 	Dictionary file
	-d 	Output hash file
	-s 	Network SSID
	-h 	Print this help information and exit
	-v 	Print verbose information (more -v for more verbosity)
	-V 	Print program version and exit

After precomputing the hash file, run cowpatty with the -d argument.

genpmk Usage Example

Use the provided dictionary file (-f /usr/share/wordlists/nmap.lst) to generate a hashfile, saving it to a file (-d cowpatty_dict) for the given ESSID (-s securenet):

genpmk -f /usr/share/wordlists/nmap.lst -d cowpatty_dict -s securenet
genpmk 1.1 - WPA-PSK precomputation attack. <>
File cowpatty_dict does not exist, creating.
key no. 1000: pinkgirl

1641 passphrases tested in 4.09 seconds:  401.35 passphrases/second

coWPAtty Usage Example

Use the provided hashfile (-d cowpatty_dict), read the packet capture (-r Kismet-20140515-16-21-37-1.pcapdump), and crack the password for the given ESSID (-s 6F36E6):

cowpatty -d cowpatty_dict -r Kismet-20140515-16-21-37-1.pcapdump -s 6F36E6
cowpatty 4.6 - WPA-PSK dictionary attack. <>

How to install coWPAtty

The program is pre-installed on Kali Linux.

coWPAtty Screenshots

The program is a command-line utility.

coWPAtty Tutorials

Coming soon…

Related tools