aircrack-ng
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
aircrack-ng [2015/04/12 23:28] – Fixed display of double '-'. mister_x | aircrack-ng [2018/07/11 20:52] – Reorganized options mister_x | ||
---|---|---|---|
Line 87: | Line 87: | ||
You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding. | You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding. | ||
- | Here's a summary of all available | + | === Options === |
+ | == Common | ||
^Option^Param.^Description^ | ^Option^Param.^Description^ | ||
|-a|amode|Force attack mode (1 = static WEP, 2 = WPA/ | |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/ | ||
- | |-b|bssid|Long version - -bssid. Select the target network based on the access point' | ||
|-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/ | |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/ | ||
+ | |-b|bssid|Long version - -bssid. Select the target network based on the access point' | ||
|-p|nbcpu|On SMP systems: # of CPU to use. This option is invalid on non-SMP systems.| | |-p|nbcpu|On SMP systems: # of CPU to use. This option is invalid on non-SMP systems.| | ||
|-q|// | |-q|// | ||
+ | |-C|MACs|Long version - -combine. | ||
+ | |-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.| | ||
+ | |||
+ | == Static WEP cracking options == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
|-c|// | |-c|// | ||
|-t|// | |-t|// | ||
Line 100: | Line 107: | ||
|-d|start|(WEP cracking) Long version --debug. | |-d|start|(WEP cracking) Long version --debug. | ||
|-m|maddr|(WEP cracking) MAC address to filter WEP data packets. Alternatively, | |-m|maddr|(WEP cracking) MAC address to filter WEP data packets. Alternatively, | ||
- | |-M|number|(WEP cracking) Sets the maximum number of ivs to use.| | ||
|-n|nbits|(WEP cracking) Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc. The default value is 128.| | |-n|nbits|(WEP cracking) Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc. The default value is 128.| | ||
|-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.| | |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.| | ||
|-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.| | |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.| | ||
- | |-H|// | ||
- | |-l|file name|(Lowercase L, ell) logs the key to the file specified.| | ||
- | |-K|// | ||
|-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.| | |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.| | ||
- | |-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.| | ||
- | |-r|database|Utilizes a database generated by airolib-ng as input to determine the WPA key. Outputs an error message if aircrack-ng has not been compiled with sqlite support.| | ||
|-x/ | |-x/ | ||
|-x1|// | |-x1|// | ||
|-x2|// | |-x2|// | ||
|-X|// | |-X|// | ||
+ | |-s|// | ||
|-y|// | |-y|// | ||
- | |-u|// | + | |-z|//none//|Invokes the PTW WEP cracking method (Default in v1.x)| |
+ | |-P|number|Long version | ||
+ | |-K|// | ||
+ | |-D|// | ||
+ | |-1|// | ||
+ | |-M|number|(WEP cracking) Specify the maximum number of IVs to use.| | ||
+ | |-V|// | ||
+ | |||
+ | == WEP and WPA-PSK cracking options == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
|-w|words|(WPA cracking) Path to a wordlist or " | |-w|words|(WPA cracking) Path to a wordlist or " | ||
- | |-z|//none//|Invokes | + | |-N|file|Create a new cracking session and save it to the specified file.| |
- | |-P|//none//|Long version --ptw-debug. | + | |-R|file|Restore cracking session from the specified file.| |
- | |-C|MACs|Long version --combine. Merge the given APs to a virtual one.| | + | |
- | |-D|//none//|Long version --wep-decloak. | + | == WPA-PSK options == |
- | |-V|//none//|Long version --visual-inspection. Run in visual inspection mode.| | + | |
- | |-1|//none//|Long version --oneshot. | + | ^Option^Param.^Description^ |
+ | |-E|file>|(WPA cracking) Create EWSA Project file v3.| | ||
+ | |-j|file|(WPA cracking) Create Hashcat v3.6+ Capture file (HCCAPX).| | ||
+ | |-J|file|(WPA cracking) Create Hashcat Capture file.| | ||
|-S|// | |-S|// | ||
+ | |-Z|sec|WPA cracking speed test execution length in seconds.| | ||
+ | |-r|database|Utilizes a database generated by airolib-ng as input to determine the WPA key. Outputs an error message if aircrack-ng has not been compiled with sqlite support.| | ||
+ | |||
+ | == SIMD Selection == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |--simd|optimization|Use user-specified SIMD optimization instead of the fastest one.| | ||
+ | |--simd-list|// | ||
+ | |||
+ | == Other options == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |-H|// | ||
+ | |-u|// | ||
===== Usage Examples ===== | ===== Usage Examples ===== | ||
Line 506: | Line 535: | ||
If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets. | If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets. | ||
- | There is an open [[http://trac.aircrack-ng.org/ticket/651|trac ticket]] to correct this incorrect behavior. | + | There is an open [[https://github.com/ |
aircrack-ng.txt · Last modified: 2019/09/18 22:39 by mister_x