wifite2 v2.6.8 release: new version of the popular wireless network auditor, “wifite”

by do son · Published September 4, 2018 · Updated January 23, 2023

Wifite 2

A complete re-write of wifite, a Python script for auditing wireless networks.

Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

Wifite is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include:

WPS: The Offline Pixie-Dust attack
WPS: The Online Brute-Force PIN attack
WPS: The Offline NULL PIN attack
WPA: The WPA Handshake Capture + offline crack.
WPA: The PMKID Hash Capture + offline crack.
WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.
WIFI Signal jammer, block specific accesspoints or multiple. signal jamming only works for specific Atheros WiFi chipsets.

Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.

Brief Feature List

PMKID hash capture (enabled by-default, force with: --pmkid)
WPS Offline Brute-Force Attack aka “Pixie-Dust”. (enabled by-default, force with: --wps-only --pixie)
WPS Online Brute-Force Attack aka “PIN attack”. (enabled by-default, force with: --wps-only --no-pixie)
WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: --no-wps)
Validates handshakes against tshark, cowpatty, and aircrack-ng (when available)
Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
Automatically decloaks hidden access points while scanning or attacking.
- Note: Only works when channel is fixed. Use -c <channel>
- Disable this using --no-deauths
5Ghz support for some wireless cards (via -5 switch).
- Note: Some tools don’t play well on 5GHz channels (e.g. aireplay-ng)
Stores cracked passwords and handshakes to the current directory (--cracked)
- Includes information about the cracked access point (Name, BSSID, Date, etc).
Easy to try to crack handshakes or PMKID hashes against a wordlist (--crack)

Support

Wifite is designed specifically for the latest version of Kali Linux. ParrotSec is also supported.

NetHunter (Android) is also widely supported by wifite, but it will require a custom kernel with modules support and various patches for injection in order to work. Tested working like a charm on Android 10 (Q), Android 11 (R) and Android 12 (S).

Changelog v2.6.8

Update ath_masker
backtrace: better handle the debug (stacktrace) then in tool output
parsing all trace in stdout.
terminal: Suppress stderr and stdout when writing pixie keys to db
wash: Add a customized ‘wash’ tool (from reaver) which is
handling memory (cache/flush) and timers and more. We gonna hardcode/modulize this
so users isn’t depending on various ones from their respective distros which varies.
tools/script: Add fetch-oui script (which will be a module later)
tools/script: Add example automation “run-automation.sh” script
Nullpin: fixed ‘–no-nullpin’ which was doing the opposite and triggered other params
John: fix a param for return of key to avoid a crash if none found (traceback)
Crack: improve the output in the ESSID target list by removed the parentheses surrounding 4-way captures listed
DB: fixed parsing bssid and essid to json db file
DB: tweaked the export of 4-way handshakes to the DB, so it looks a bit better now they’re inligned.
Been looking and walkthrough all deps (tools) to ensure it all fits, as things changes with time,
partially fixed cracking by using john, testing good, but we need to find a new way to read and parse the output (key). (TODO)
Update ‘chardet’ dependency from v5.0.0 to v5.1.0
Update ‘scapy’ dependency from v2.5.0rc2 to v2.5.0
Fix overly permissive regular expression range
Update OUI (manufacturers) list
Tweak scanner output
Update Dockerfile to use python-3.12
Code cleanup (minimalize the source)
Update README.md