In this article we discuss the top 21 wireless hacking tools, with which you can enumerate the Wi-Fi networks near you or your device. Wireless networks are convenient and popular, but poor configuration and weak encryption leave them open to attack. There are many tools with which a Wi-Fi network can be cracked.
There are three levels of wireless encryption:
- WEP (Wireless Encrypted Protocol; very poor security nowadays)
- WPA-PSK (Wi-Fi Protected Access with a pre-shared key)
- WPA2-PSK (Wi-Fi Protected Access, version 2, with a pre-shared key)
Basic wireless network terms:
- SSID – Service Set Identifier
- BSSID – Basic Service Set Identifier (the numeric ID of the access point, typically the MAC address of the router)
- ESSID – Extended Service Set Identifier (the name of the access point)
- BSS – Basic Service Set (a set of stations controlled by a single coordination function)
- EAP – Extensible Authentication Protocol (used to authenticate to the wireless network when WPA-Enterprise or WPA2-Enterprise is employed)
- WAP – Wireless Application Protocol (also commonly used to mean Wireless Access Point)
- WPS – Wi-Fi Protected Setup (another level of wireless security)
Let's look at the best tools for cracking wireless networks:
1. Aircrack-ng
Aircrack-ng is a complete suite of tools for assessing Wi-Fi security, with which you can monitor traffic, capture packets, crack keys and more.
Aircrack-ng also includes airtun-ng, packetforge-ng, wesside-ng, easside-ng, airserv-ng, airolib-ng, airdriver-ng, airbase-ng, tkiptun-ng and airdecloak-ng. The Aircrack suite is available for both Windows and Linux. BackTrack and Kali Linux have the Aircrack tools installed by default.
With the Aircrack suite you can perform various attacks, such as the fragmentation attack, the ChopChop attack, the FMS attack and dictionary attacks.
The Aircrack package includes:
- aircrack-ng (cracks WEP keys)
- airdecap-ng (decrypts WEP- or WPA-encrypted capture files with a known key)
- airmon-ng (puts wireless cards into monitor mode)
- aireplay-ng (a packet injector)
- airodump-ng (writes all air traffic to pcap or IVS files and displays information about networks such as channel, encryption method, ESSID and BSSID)
- airtun-ng (creates virtual tunnel interfaces)
- packetforge-ng (creates encrypted packets for injection)
- ivstools (tools to merge and convert IVS files)
- airbase-ng (a tool for attacking clients, e.g. by deauthentication from the wireless network)
- airdecloak-ng (removes WEP cloaking from pcap files)
- airolib-ng (stores and manages ESSID and password lists)
- airserv-ng (allows the wireless card to be accessed from other systems)
- easside-ng (a tool for communicating with an access point without the WEP key)
- buddy-ng (a helper server for easside-ng)
- tkiptun-ng (attacks WPA/TKIP)
- wesside-ng (a tool for recovering WEP keys)
Official Website – https://www.aircrack-ng.org/
2. Airsnort
Airsnort is another tool for cracking WEP encryption keys. To use Airsnort, you first select the channel and then select the network from the scan list produced by your wireless network card.
Airsnort is available for both Windows and Linux, but the Linux version is more stable than the Windows version. Development of this tool has stopped and it has not been updated for the last 3-4 years.
Official Website – https://sourceforge.net/projects/airsnort/
3. Airjack
Airjack is basically a device driver used for frame injection and reception. DoS (denial of service) and MITM (man-in-the-middle) attacks can easily be performed with Airjack.
Official Website – https://sourceforge.net/projects/airjack/
4. Kismet
Kismet is one of the most popular tools for network detection and packet sniffing, and it is widely used for wireless reconnaissance. You can also detect rogue access points with Kismet.
Kismet is available for all major operating systems (Windows, Linux, Mac OS X). It can also save packets in a format compatible with tcpdump and Wireshark. It supports channel hopping, and mapping and GPS support is present in all versions.
Official Website – https://www.kismetwireless.net/
5. KisMac
KisMac is the Mac version of Kismet and has a wide range of features: packet discovery, drawing area maps of network coverage, and revealing hidden, closed and cloaked SSIDs. The best thing about KisMac is that it also supports drones. KisMac supports various network cards such as Apple's AirPort and AirPort Extreme.
Official Website – https://github.com/IGRSoft/KisMac2 (Active Project)
6. Cain and Abel
Cain and Abel is not a full cracking tool but a password recovery tool for Windows only. It can also record VoIP conversations, perform ARP spoofing, calculate hashes, decode scrambled passwords, resolve IP addresses to MAC addresses, dump protected storage passwords, and so on.
Some antivirus products detect this tool as malware because of its password recovery features; you can consider this a false positive. Cain & Abel consists of two major components: Cain, the front-end application that recovers passwords and does the password sniffing; and Abel, a Windows NT service that must be installed (locally or remotely) and whose role is to scramble the traffic inside the network for additional protection.
Official Website – http://www.oxid.it/cain.html
7. NetStumbler
NetStumbler is a Windows-based tool that detects wireless LANs using the 802.11b, 802.11a and 802.11g standards. NetStumbler is commonly used for wardriving, finding locations with poor coverage, verifying network configurations, and so on.
Official Website – http://www.netstumbler.com
8. CommView for Wi-Fi
CommView for Wi-Fi is specialized for network monitoring and is used by security professionals, administrators, programmers and home users. For this tool you need a capable wireless adapter such as an Alfa card or a Belkin USB adapter. It is basically designed for LAN administrators and comes with many user-friendly features.
It also includes a VoIP analyzer for in-depth analysis. For remote monitoring tasks you can use its Remote Agent. You can also reconstruct TCP sessions and exchange data with applications over TCP/IP.
Official Website – http://www.tamos.com/download/main/ca.php
9. Fern Wi-Fi Cracker
Fern Wi-Fi Cracker is written entirely in Python and can crack wireless networks secured with WEP, WPA or WPS. It is a Linux-based GUI tool with full update support from the back end.
It currently supports WEP cracking with the fragmentation, ChopChop, Caffe Latte and Hirte attacks, and also supports brute-force or dictionary-based attacks.
Official Website – http://www.fern-pro.com/
10. Gerix Wi-fi Cracker
Gerix Wi-Fi Cracker is one of the most popular 802.11 wireless penetration testing tools. With it you can perform all the different techniques for attacking APs and wireless routers.
Gerix combines a GUI with CLI-based tools, so you can crack a Wi-Fi network without knowledge of the command line.
Official Website – https://github.com/J4r3tt/gerix-wifi-cracker-2
11. Wifite
Wifite is an automated wireless attack tool developed mainly for cracking WPS-protected wireless networks. Routers with WPS enabled can easily be broken into with the help of Wifite.
A Windows version of this tool is not yet available, so it is only for Linux; you can find it in the BackTrack and Kali Linux distributions. Wifite aims to be the “set it and forget it” wireless auditing tool.
Official Website – https://github.com/derv82/wifite
12. coWPAtty
coWPAtty is designed to audit the security of pre-shared keys (PSKs) used in Wi-Fi Protected Access (WPA) networks and is generally known as an offline dictionary attack tool. In brute-force attacks the only thing that matters is speed, but unfortunately coWPAtty is not very fast: it can try at most 30-60 words per second.
Official Website – https://github.com/roobixx/cowpatty
13. WEPATTACK
WEPATTACK is an open-source WLAN tool for Linux used for breaking WEP keys only. It is completely dependent on a dictionary file: the more words the dictionary contains, the better the chances of recovering the password. The best thing about WEPATTACK is that you need only a single packet to start an attack.
Besides this tool, you can also use the ChopChop attack or the Caffe Latte attack to crack WEP passwords, but these attacks are carried out from the command line.
Official Website – https://github.com/knoopx/wepattack
14. inSSIDer
inSSIDer is a Wi-Fi troubleshooting and optimization tool with which you can easily find networks on poor channels. Basically it is a decision-making aid for Wi-Fi network management. You can discover many details with this tool, such as MAC address, encryption and signal strength.
You can also estimate the performance of your Wi-Fi network in various locations. inSSIDer works on all Windows-based operating systems.
Official Website – http://www.metageek.com/products/inssider/
15. Wifiphisher
Wifiphisher is an automated injection tool with which you can infect victims with malware to obtain their credentials, using customized phishing login pages just as an evil twin attack does.
After achieving a man-in-the-middle position using the evil twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page. The current version of Wifiphisher is 1.2 as of 23 Feb 2017.
Official Website – https://github.com/wifiphisher/wifiphisher
16. Reaver
Reaver is another brute-forcing tool that attacks WPS-enabled networks. It has been tested against a wide variety of APs. Depending on the target AP, it usually takes 4-10 hours to crack the password. When using the offline attack, if the AP is vulnerable, it may take only seconds to minutes.
Official Website – https://github.com/t6x/reaver-wps-fork-t6x
17. WepDecrypt
WepDecrypt is another WLAN tool for cracking WEP keys based on a dictionary file and is written in C. It has its own key generator and works well on Windows-based operating systems.
Official Website – http://wepdecrypt.sourceforge.net/
18. Cloudcracker
Cloudcracker is an online Wi-Fi password cracking service ($200 per key) that cracks most Wi-Fi passwords from hash files. You just upload the hash file generated by a hash generator and Cloudcracker returns the cracked Wi-Fi password. The former name of this service was WPACRACKER.
Marlinspike, the author of Cloudcracker, also released a statement:
“We're really trying to push the envelope in terms of password cracking. Basically you get more dictionaries for your dollar, about twice the cracking power for the same price.”
For parsing and decrypting MS-CHAPv2 network handshakes, you can also use the CHAPCRACK tool.
Official Website – https://www.cloudcracker.com
19. Pyrit
Pyrit is a well-known WPA precomputation cracker. It supports a wide range of platforms, including FreeBSD, Mac OS X and Linux. Pyrit consists of two parts: the main module, which contains the command-line client and the scheduling and database code, and a basic extension module that uses the CPU for computation.
Official Website – https://github.com/JPaulMora/Pyrit
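The WPA/WPA2-PSK key derivation is what coWPAtty tries word by word and what Pyrit and airolib-ng precompute per ESSID. As an added example that is not part of this article or of any of these tools, the Python below computes it as defined in IEEE 802.11i (PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)): the iteration count explains the low words-per-second rate quoted above, and the SSID salt shows why a table precomputed for a common SSID is useless against a network with a unique one. The test vector is the one published in IEEE 802.11i; the candidate list and the SSID `MyHomeNet-7f3a` are constructed.

```python
import hashlib

# IEEE 802.11i PSK mapping: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key of a WPA/WPA2-PSK network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    # PBKDF2 runs 4096 HMAC-SHA1 iterations per 20-byte block and a 32-byte PMK
    # needs two blocks, so every candidate costs about 8192 HMAC computations.
    # That fixed cost is why offline dictionary tools manage only tens of words/s.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def build_pmk_table(ssid: str, candidates) -> dict:
    """Precompute PMKs for one SSID (what airolib-ng and Pyrit store).
    Because the SSID is the salt, the table is bound to that SSID only."""
    return {derive_pmk(word, ssid): word for word in candidates}


def table_hits(table: dict, ssid: str, passphrase: str) -> bool:
    """Would a precomputed table match a network using this SSID and passphrase?
    Defender view: a unique SSID defeats tables built for common network names."""
    return derive_pmk(passphrase, ssid) in table


# Constructed candidate list (not a real wordlist).
CANDIDATES = ["password", "letmein1", "sunshine", "qwertyui"]

if __name__ == "__main__":
    print("PMK for ('password', 'IEEE'):", derive_pmk("password", "IEEE").hex())
    table = build_pmk_table("IEEE", CANDIDATES)
    print("table for SSID 'IEEE' hits SSID 'IEEE':",
          table_hits(table, "IEEE", "password"))
    print("table for SSID 'IEEE' hits SSID 'MyHomeNet-7f3a':",
          table_hits(table, "MyHomeNet-7f3a", "password"))
```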
20. Wireshark
Wireshark is not a wireless cracking tool but a powerful network protocol analyzer, available for both Windows and Linux. Wireshark came onto the market around 19 years ago. It was originally named Ethereal, but from May 2006 onwards it has been called Wireshark.
Wireshark is very similar to tcpdump but has a great graphical front end with integrated sorting and filtering options. You can capture data from a live network connection and browse it via the GUI or via the terminal utility TShark.
To learn Wireshark, you can also follow “Mastering Wireshark 2 (Video Series)” from Packtpub.
Official Website – https://www.wireshark.org/
21. Netcut
Netcut is a Windows-based tool that relies entirely on the ARP protocol, through which you can send deauthentication packets into any wireless network. The tool automatically discovers details such as IP address, hostname, MAC address and device name, and is well suited to LAN use.
You can cut any computer's network connection to the gateway in a split second. It also protects you from ARP spoofing attacks. You can even change the MAC address of your adapter with the help of Netcut. Netcut is a product developed by Arcai.
Official Website – http://www.arcai.com/netcut/
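Both the gateway cut-off and the ARP spoofing protection described above come down to one question: which MAC address is answering for the gateway's IP. As an added example that is not part of this article or of Netcut, the Python below parses tcpdump-style ARP reply lines and flags every IP claimed by more than one MAC, or by a MAC that contradicts a pinned known-good entry; the sample lines, addresses and gateway MAC are all constructed.

```python
import re
from collections import defaultdict

# Matches the ARP reply shape tcpdump prints: "Reply <ip> is-at <mac>".
ARP_REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)


def parse_arp_replies(lines):
    """Yield (ip, mac) from tcpdump-style ARP reply lines; other lines are ignored."""
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def find_conflicting_claims(lines, pinned=None):
    """Return {ip: sorted MACs} for each IP claimed by more than one MAC.
    `pinned` maps IPs (typically the gateway) to their known-good MAC; a claim
    that contradicts a pinned entry is reported even if only one MAC was seen."""
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    seen = defaultdict(set)
    for ip, mac in parse_arp_replies(lines):
        seen[ip].add(mac)
    conflicts = {}
    for ip, macs in seen.items():
        if len(macs) > 1 or (ip in pinned and macs != {pinned[ip]}):
            conflicts[ip] = sorted(macs)
    return conflicts


# Constructed sample capture: the second reply for the gateway comes from a
# different MAC, which is exactly what an ARP-based "cut" looks like on the wire.
SAMPLE = [
    "12:00:01.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28",
    "12:00:01.001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28",
    "12:00:02.500 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:01, length 28",
    "12:00:03.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28",
]
GATEWAY_MAC = {"192.168.1.1": "00:11:22:33:44:55"}  # constructed pinned entry

if __name__ == "__main__":
    for ip, macs in find_conflicting_claims(SAMPLE, GATEWAY_MAC).items():
        print(f"ALERT: {ip} claimed by {len(macs)} MAC(s): {', '.join(macs)}")
```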