wifite2 v2.6.8 release: new version of the popular wireless network auditor, “wifite”
Wifite 2
A complete re-write of wifite, a Python script for auditing wireless networks.
Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!
Wifite is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include:
- WPS: The Offline Pixie-Dust attack
- WPS: The Online Brute-Force PIN attack
- WPS: The Offline NULL PIN attack
- WPA: The WPA Handshake Capture + offline crack.
- WPA: The PMKID Hash Capture + offline crack.
- WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.
- WiFi signal jammer: block a specific access point or multiple access points. Signal jamming only works with specific Atheros WiFi chipsets.
Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.
Brief Feature List
- PMKID hash capture (enabled by-default, force with: --pmkid)
- WPS Offline Brute-Force Attack aka “Pixie-Dust”. (enabled by-default, force with: --wps-only --pixie)
- WPS Online Brute-Force Attack aka “PIN attack”. (enabled by-default, force with: --wps-only --no-pixie)
- WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: --no-wps)
- Validates handshakes against tshark, cowpatty, and aircrack-ng (when available)
- Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
- Automatically decloaks hidden access points while scanning or attacking.
  - Note: Only works when channel is fixed. Use -c <channel>
  - Disable this using --no-deauths
- 5GHz support for some wireless cards (via -5 switch).
  - Note: Some tools don’t play well on 5GHz channels (e.g. aireplay-ng)
- Stores cracked passwords and handshakes to the current directory (--cracked)
  - Includes information about the cracked access point (Name, BSSID, Date, etc).
- Easy to try to crack handshakes or PMKID hashes against a wordlist (--crack)
Support
Wifite is designed specifically for the latest version of Kali Linux. ParrotSec is also supported.
NetHunter (Android) is also widely supported by wifite, but it will require a custom kernel with modules support and various patches for injection in order to work. Tested working like a charm on Android 10 (Q), Android 11 (R) and Android 12 (S).
Changelog v2.6.8
- Update ath_masker
- backtrace: better handle the debug (stacktrace) than in tool output parsing all trace in stdout.
- terminal: Suppress stderr and stdout when writing pixie keys to db
- wash: Add a customized ‘wash’ tool (from reaver) which handles memory (cache/flush), timers and more. We are going to hardcode/modularize this so users aren’t depending on the various ones from their respective distros, which vary.
- tools/script: Add fetch-oui script (which will be a module later)
- tools/script: Add example automation “run-automation.sh” script
- Nullpin: fixed ‘--no-nullpin’, which was doing the opposite and triggered other params
- John: fix a param for return of key to avoid a crash if none found (traceback)
- Crack: improve the output in the ESSID target list by removing the parentheses surrounding 4-way captures listed
- DB: fixed parsing bssid and essid to json db file
- DB: tweaked the export of 4-way handshakes to the DB, so it looks a bit better now they’re inligned.
- Been looking at and walking through all deps (tools) to ensure it all fits, as things change with time; partially fixed cracking by using john, testing good, but we need to find a new way to read and parse the output (key). (TODO)
- Update ‘chardet’ dependency from v5.0.0 to v5.1.0
- Update ‘scapy’ dependency from v2.5.0rc2 to v2.5.0
- Fix overly permissive regular expression range
- Update OUI (manufacturers) list
- Tweak scanner output
- Update Dockerfile to use python-3.12
- Code cleanup (minimalize the source)
- Update README.md
Installing & Running
$ git clone https://github.com/kimocoder/wifite2.git
$ cd wifite2
$ pip3 install -r requirements.txt
$ sudo ./wifite.py
Decloaking & cracking a hidden access point (via the WPA Handshake attack):
Cracking a weak WEP password (using the WEP Replay attack):
Various cracking options (using --crack option):
Copyright (C) 2017 derv82
Source: https://github.com/derv82/