WiFite2 – Automated Wireless Attack Tool

WiFite2 is a complete rewrite of Wifite – a Python script for auditing wireless networks. It runs existing wireless-auditing tools for you, so you won’t need to remember command arguments and switches anymore.

WiFite2: An Automated Wireless Attack tool

WiFite2 is using all well-known methods for cracking/retrieving wireless (WPS/WPA/WEP) passwords:

WiFite2 vs. WiFite

  1. Less bugs: cleaner process management, doesn’t leave processes running in the background, less-painful pull requests, working unit tests, etc.
  2. It’s faster: target access points are refreshed every second instead of every 5 seconds.
  3. Accuracy: displays realtime Power level of currently-attacked target, displays more information during an attack, etc.
  4. Educational: the --verbose option (expandable to -vv or -vvv) shows which commands are executed and also shows the output of those commands.Easy debug!
  5. Active development, python3 support, new banner, etc.

Supported OSs:

  • WiFite2 is specifically designed for the latest version of Kali Linux & ParrotSec.
  • BackBox/Ubuntu have outdated tool versions.
* Note: Make sure you have installed latest versions of the Required Tools.

WiFite2 Crack Example

Features:

  • PMKID hash capture (enabled by-default, force with: --pmkid)
  • WPS Offline Brute-Force Attack aka “Pixie-Dust”. (enabled by-default, force with: --wps-only --pixie)
  • WPS Online Brute-Force Attack aka “PIN attack”. (enabled by-default, force with: --wps-only --no-pixie)
  • WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: --no-wps)
  • Validates handshakes against pyrittsharkcowpatty, and aircrack-ng (when available)
  • Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
  • Automatically decloaks hidden access points while scanning or attacking.
    • Note: Only works when channel is fixed. Use -c <channel>;
    • Disable this using --no-deauths;
  • 5Ghz support for some wireless cards (via -5 switch).
    • Note: Some tools don’t play well on 5GHz channels (e.g. aireplay-ng)
  • Stores cracked passwords and handshakes to the current directory (--cracked)
    • Includes information about the cracked access point (Name, BSSID, Date, etc).
  • Easy to try to crack handshakes or PMKID hashes against a wordlist (--crack)
Also read: SS7 Hack Attack and Counter Measures

Requirements

  • Wireless card: with “Monitor Mode” and packet injection capability.
  • Python 2/Python 3
  • Latest versions of the Required Tools/Programs

Required Tools:

  • iwconfig: identifying wireless devices already in Monitor Mode.
  • ifconfig: starting/stopping wireless devices.
  • Aircrack-ng suite:
      • airmon-ng: enumerating and enabling Monitor Mode on wireless devices.
      • aircrack-ng: cracking WEP .cap files and WPA handshake captures.
    • aireplay-ng: deauthing access points, replaying capture files, various WEP attacks.
    • airodump-ng: target scanning & capture file generation.
    • packetforge-ng: forging capture files.

Optional Tools:

  • tshark: detecting WPS networks and inspecting handshake capture files.
  • reaver: WPS Pixie-Dust & brute-force attacks.
    • Note: Reaver’s wash tool can be used to detect WPS networks if tshark is not found.
  • bully: WPS Pixie-Dust & brute-force attacks.
  • coWPAtty: detecting handshake captures.
  • pyrit: detecting handshake captures.
  • hashcat: cracking PMKID hashes.
    • hcxdumptool: capturing PMKID hashes.
    • hcxpcaptool: converting PMKID packet captures into hashcat‘s format.

WiFite2 Install

To run WiFite2 without installation, just clone it form the github repo:

$ git clone https://github.com/derv82/wifite2.git
$ cd wifite2
$ sudo ./Wifite.py

If you want to run it from any terminal, you need to install wifite2 as follows:

$ sudo python setup.py install

This will install wifite to /usr/sbin/wifite.

Note: To uninstall WiFite2 you’ll need to record the installed files and to remove those files. Unfortunately, this is the only way of the uninstallation:
$ sudo python setup.py install --record files.txt \
  && cat files.txt | xargs sudo rm \
  && rm -f files.txt

Basic Usage

To see all available command arguments, just type -h:

root@kali:~# wifite -h

  .;'                     `;,
 .;'  ,;'             `;,  `;,   
.;'  ,;'  ,;'     `;,  `;,  `;,  WiFite 2.2.5
::   ::   :   ( )   :   ::   ::  automated wireless auditor
':.  ':.  ':. /_\ ,:'  ,:'  ,:'  https://github.com/derv82/wifite2
 ':.  ':.    /___\    ,:'  ,:'  
  ':.       /_____\      ,:'
           /       \

optional arguments
   -h, --help		show this help message and exit

SETTINGS: 
   -v, --verbose	Show more options (-h -v). Prints commands and outputs. (default: quiet)
   -i [interface]	Wireless interface to use, e.g. wlan0mon (default: ask)
   -c [channel]		Wireless channel to scan (default: all 2Ghz channels)
   -mac, ---random-mac	Randomize wireless card MAC address (default: off)
   -p [scan_time]	Pillage: Attack all targets after scan_time (seconds)
   --kill		Kill processes that conflicts with Airmon/Airodump (default: off)
   --clients-only	Only show targets that have associated clients (default: off)
   --nodeauths		Do not authenticate clients *EVER* (default: deauth targets)

WEP:
   --wep		Show only WEP-encrypted networks
   --require-fakeauth	Fails attacks if fake-auth fails (default: off)
   --keep-ivs		Retain .IVS files and reuse when cracking (default: off)

WPA:
   --WPA		Show only WPA-encrypted-networks (uncludes WPS)
   --PMKID		Only use PMKID capture, avoids other WPS & WPA attacks (default: off)
   --new-hs		Captures new handshakes, ignores existing handshakes in hs (default: off)
   --dic [file]		File containing passwords for cracking (default: ./wordlist-top4800-probable.txt)

WPS:
   --wps		Show only WPS-enabled networks
   --wps-only		Only use WPS PIN & Pixie-Dust attacks (default: off)
   --bully		Use bully program for WPD PIN & Pixie-Dust attacks (default: reaver)
   --ignore-locks	Do not stop WPS PIN attack if AP become locked (default: stop)

COMMANDS:
   --cracked		Print previously-cracked access points
   --check [file]	Check a .cap file (or all hs/*.cap files) for WPA handshakes
   --crack		Show commands to crack a captured handshake


Leave a Reply

Your email address will not be published. Required fields are marked *