Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
AIRCRACK-NG(1)		    General Commands Manual		AIRCRACK-NG(1)

NAME
       aircrack-ng - a 802.11 WEP / WPA-PSK key	cracker

SYNOPSIS
       aircrack-ng [options] <.cap / .ivs file(s)>

DESCRIPTION
       aircrack-ng is an 802.11	WEP and	WPA/WPA2-PSK key cracking program.
       It can recover the WEP key once enough encrypted	packets	have been cap-
       tured with airodump-ng. This part of the	aircrack-ng  suite  determines
       the  WEP	key using two fundamental methods. The first method is via the
       PTW approach (Pyshkin, Tews, Weinmann). The main	advantage of  the  PTW
       approach	 is  that  very	few data packets are required to crack the WEP
       key. The	second method is the FMS/KoreK method.	The  FMS/KoreK	method
       incorporates  various  statistical  attacks to discover the WEP key and
       uses these in combination with brute forcing.
       Additionally, the program offers	a dictionary  method  for  determining
       the WEP key. For	cracking WPA/WPA2 pre-shared keys, a wordlist (file or
       stdin) or an airolib-ng has to be used.

OPTIONS
       Common options:

       -a _amode_
	      Force the	attack mode, 1 or wep for WEP and 2 or	wpa  for  WPA-
	      PSK.

       -e _essid_
	      Select  the  target  network  based on the ESSID.	This option is
	      also required for	WPA cracking if	the SSID is cloacked. For SSID
	      containing    special   characters,   see	  http://www.aircrack-
	      ng.org/doku.php?id=faq#how_to_use_spaces_double_quote_and_sin-
	      gle_quote_etc._in_ap_names

       -b _bssid_ or --bssid _bssid_
	      Select the target	network	based on the access point MAC address.

       -p _nbcpu_
	      Set  this	option to the number of	CPUs to	use (only available on
	      SMP systems). By default,	it uses	all available CPUs

       -q     If set, no status	information is displayed.

       -C _macs_ or --combine _macs_
	      Merges all those APs MAC (separated by a comma) into  a  virtual
	      one.

       -l _file_
	      Write the	key into a file.

       Static WEP cracking options:

       -c     Search alpha-numeric characters only.

       -t     Search binary coded decimal characters only.

       -h     Search the numeric key for Fritz!BOX

       -d _mask_ or --debug _mask_
	      Specify mask of the key. For example: A1:XX:CF

       -m _maddr_
	      Only  keep  the  IVs coming from packets that match this MAC ad-
	      dress. Alternatively, use	-m ff:ff:ff:ff:ff:ff to	 use  all  and
	      every  IVs,  regardless  of the network (this disables ESSID and
	      BSSID filtering).

       -n _nbits_
	      Specify the length of the	 key:  64  for	40-bit	WEP,  128  for
	      104-bit  WEP,  etc., until 512 bits of length. The default value
	      is 128.

       -i _index_
	      Only keep	the IVs	that have this key index (1 to 4). The default
	      behaviour	 is to ignore the key index in the packet, and use the
	      IV regardless.

       -f _fudge_
	      By default, this parameter is set	to 2. Use a  higher  value  to
	      increase the bruteforce level: cracking will take	more time, but
	      with a higher likelihood of success.

       -k _korek_
	      There are	17 KoreK attacks. Sometimes one	attack creates a  huge
	      false positive that prevents the key from	being found, even with
	      lots of IVs. Try -k 1, -k	2, ... -k 17 to	 disable  each	attack
	      selectively.

       -x or -x0
	      Disable last keybytes bruteforce (not advised).

       -x1    Enable last keybyte bruteforcing (default)

       -x2    Enable last two keybytes bruteforcing.

       -X     Disable bruteforce multithreading	(SMP only).

       -s     Shows ASCII version of the key at	the right of the screen.

       -y     This  is	an experimental	single brute-force attack which	should
	      only be used when	the standard attack mode fails with more  than
	      one million IVs.

       -z     Uses  PTW	 (Andrei Pyshkin, Erik Tews and	Ralf-Philipp Weinmann)
	      attack (default attack).

       -P _num_	or --ptw-debug _num_
	      PTW debug: 1 Disable klein, 2 PTW.

       -K     Use KoreK	attacks	instead	of PTW.

       -D or --wep-decloak
	      WEP decloak mode.

       -1 or --oneshot
	      Run only 1 try to	crack key with PTW.

       -M _num_
	      Specify maximum number of	IVs to use.

       WEP and WPA-PSK cracking	options

       -w _words_
	      Path to a	dictionary file	for wpa	cracking. Specify "-"  to  use
	      stdin.   Here  is	 a  list  of  wordlists:  http://www.aircrack-
	      ng.org/doku.php?id=faq#where_can_i_find_good_wordlists

       WPA-PSK options:

       -E _file_
	      Create Elcomsoft Wireless	Security Auditor (EWSA)	 Project  file
	      v3.02.

       -J _file_
	      Create Hashcat Capture file.

       -S     WPA cracking speed test.

       -r _database_
	      Path to the airolib-ng database. Cannot be used with '-w'.

       Other options:

       -H or --help
	      Show help	screen

       -u or --cpu-detect
	      Provide information on the number	of CPUs	and MMX/SSE support

AUTHOR
       This  manual  page was written by Adam Cecile <gandalf@le-vert.net> for
       the Debian system (but may be used by others).  Permission  is  granted
       to  copy, distribute and/or modify this document	under the terms	of the
       GNU General Public License, Version 2 or	any later version published by
       the  Free  Software  Foundation On Debian systems, the complete text of
       the GNU General Public License can be  found  in	 /usr/share/common-li-
       censes/GPL.

SEE ALSO
       airbase-ng(8)
       aireplay-ng(8)
       airmon-ng(8)
       airodump-ng(8)
       airodump-ng-oui-update(8)
       airserv-ng(8)
       airtun-ng(8)
       besside-ng(8)
       easside-ng(8)
       tkiptun-ng(8)
       wesside-ng(8)
       airdecap-ng(1)
       airdecloak-ng(1)
       airolib-ng(1)
       besside-ng-crawler(1)
       buddy-ng(1)
       ivstools(1)
       kstats(1)
       makeivs-ng(1)
       packetforge-ng(1)
       wpaclean(1)

Version	1.2-rc4			 February 2016			AIRCRACK-NG(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | AUTHOR | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=aircrack-ng&sektion=1&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help