Aircrack-ng
Aircrack-ng Comprehensive Guide & Cheat Sheet
Aircrack-ng is a powerful suite of tools for auditing and securing Wi-Fi networks. This guide covers its fundamentals, installation, core tools, common attack/defense techniques, troubleshooting, legal/ethical considerations, and a command reference cheat sheet.
1. Fundamentals, Components, and Architecture
Aircrack-ng is a suite for wireless network auditing, penetration testing, and security research. It is widely used for:
Cracking WEP and WPA/WPA2-PSK keys
Capturing and analyzing Wi-Fi traffic
Performing packet injection and deauthentication attacks
Creating fake access points for testing
Architecture:
Written in C, cross-platform (Linux, Windows)
Works with wireless cards supporting monitor mode and raw packet injection
Includes tools for monitoring, attacking, testing, and cracking wireless networks.
Main Components:
Airmon-ng: Enables/disables monitor mode on wireless interfaces
Airodump-ng: Captures packets and displays network/client info
Aireplay-ng: Injects/replays packets, performs attacks (e.g., deauth)
Aircrack-ng: Cracks WEP/WPA/WPA2-PSK keys
Airbase-ng: Creates fake access points
Airgraph-ng: Visualizes network traffic
Others: Tools for decryption, packet forging, database management, etc.
Figure: Enabling monitor mode with airmon-ng
2. Installation & System Requirements
Supported Platforms
Linux (preferred, e.g., Kali Linux, Parrot OS)
Windows (limited support)
macOS (with some limitations)
Requirements
Wireless card supporting monitor mode and packet injection
Sufficient system resources (RAM, CPU)
Administrative/root privileges
Installation Steps (Linux Example)
Update system:
sudo apt update && sudo apt upgrade
Install dependencies:
sudo apt install build-essential autoconf automake libtool libssl-dev libnl-3-dev libnl-genl-3-dev ethtool pkg-config
Install Aircrack-ng:
From repo:
sudo apt install aircrack-ng
From source:
git clone https://github.com/aircrack-ng/aircrack-ng.git
cd aircrack-ng
autoreconf -i
./configure
make
sudo make install
Windows Installation
Download the latest Windows binaries from the official site.
Extract and run as administrator.
Note: Limited driver support for monitor mode and injection.
3. Aircrack-ng Suite: Tools Overview
airmon-ng: Enable/disable monitor mode on wireless interfaces
airodump-ng: Capture packets, display APs/clients, save handshakes
aireplay-ng: Inject/replay packets, deauth, ARP replay, fragmentation, etc.
aircrack-ng: Crack WEP/WPA/WPA2-PSK keys using captured packets
airbase-ng: Create fake APs, perform MITM attacks
airdecap-ng: Decrypt WEP/WPA/WPA2 capture files
airgraph-ng: Visualize network traffic
airdrop-ng: Rule-based deauthentication
airolib-ng: Manage WPA/WPA2 passphrase databases
airserv-ng: Wireless card TCP/IP server
airtun-ng: Create virtual tunnel interfaces
packetforge-ng: Create custom encrypted packets
easside-ng: Communicate with WEP APs without key (experimental)
tkiptun-ng: WPA/TKIP attack (experimental)
wesside-ng: Automated WEP key recovery (experimental)
ivstools: Manage .ivs files (merge, convert)
makeivs-ng: Generate IVS dump files for testing
kstats: Analyze FMS algorithm votes for IVS dumps
versuck-ng: Default WEP key calculation for some routers
buddy-ng: Helper for easside-ng
WZCook: Recover WEP keys from Windows XP configs
4. Common Attack Vectors & Defense Techniques
Attack Vectors
Packet Capture & Injection: Capture Wi-Fi traffic and inject packets for analysis or attacks.
WEP/WPA/WPA2-PSK Cracking: Use captured handshakes and perform dictionary/brute-force attacks.
Deauthentication Attacks: Force clients to disconnect, capture handshake on reconnect.
Replay Attacks: Resend captured packets to generate more traffic.
Fake Access Points: Lure clients to rogue APs for MITM or credential capture.
ARP Request Replay: Generate IVs for WEP cracking.
Defense Techniques
Use Strong Encryption: Prefer WPA2/WPA3 with AES; avoid WEP.
Update Firmware: Patch routers and clients regularly.
Strong Passwords: Use complex, lengthy passphrases.
Network Monitoring: Detect deauth attacks, rogue APs.
MAC Filtering: Allow only known devices (not foolproof).
Disable SSID Broadcast: Hide network from casual scans.
Intrusion Detection Systems: Alert on suspicious activity.
User Education: Train users on Wi-Fi security best practices.
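The network-monitoring item above can be made concrete with a small detector. This is an added example, not part of the original guide or of the Aircrack-ng project: it counts deauthentication and disassociation frames per BSSID in a sliding window and flags floods. The frames, MAC addresses, threshold and window are constructed assumptions, and frames are assumed to start at the 802.11 MAC header.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0x0C, 0x0A  # 802.11 management-frame subtypes

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame: bytes):
    """Return (kind, dst, src, bssid, reason) for a deauth/disassoc frame, else None.
    Expects the frame to start at the 802.11 MAC header (radiotap already stripped)."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    kind = "deauth" if subtype == DEAUTH else "disassoc"
    return kind, _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22]), reason

def detect_floods(frames, threshold=5, window=1.0):
    """frames: iterable of (timestamp_s, raw_frame) in time order.
    Returns {bssid: peak count} for BSSIDs exceeding `threshold` frames per `window`."""
    recent, flagged = defaultdict(deque), {}
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        q = recent[parsed[3]]
        q.append(ts)
        while ts - q[0] > window:            # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            flagged[parsed[3]] = max(flagged.get(parsed[3], 0), len(q))
    return flagged

def _frame(fc0, dst, src, bssid, body):      # builds the constructed sample frames only
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + h(dst) + h(src) + h(bssid) + b"\x00\x00" + body

# Constructed sample traffic (not a real capture).
AP1, AP2, STA = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "02:00:00:00:00:10"
SAMPLE = [(i * 0.05, _frame(0xC0, "ff:ff:ff:ff:ff:ff", AP1, AP1, b"\x07\x00")) for i in range(10)]
SAMPLE.append((3.0, _frame(0xC0, STA, AP2, AP2, b"\x03\x00")))      # single, normal deauth
SAMPLE.append((3.1, _frame(0x80, "ff:ff:ff:ff:ff:ff", AP1, AP1, b"\x00" * 12)))  # beacon

if __name__ == "__main__":
    for bssid, peak in detect_floods(SAMPLE).items():
        print(f"ALERT deauth/disassoc flood: bssid={bssid} peak={peak} frames in window")
```

A single deauthentication frame is normal roaming or disconnect behaviour; only the burst against one BSSID is flagged, so the threshold should be tuned to the monitored environment.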
5. Advanced Techniques & Real-World Use
Multi-Stage Robust Optimization: Sequential decision-making under uncertainty, e.g., staged penetration tests.
Real-Time Optimization: Adjusting attack/defense strategies based on live data.
Case Studies: Used by security professionals in industries (e.g., GE, PayPal, NASA) for network audits and incident response.
6. Troubleshooting Common Issues
Identify the Problem: Check error messages, logs, and recent changes.
Basic Checks: Ensure wireless card supports monitor mode/injection; check connections.
Gather Information: Use logs, dmesg, and Aircrack-ng output.
Analyze Causes: Compatibility, driver issues, permissions, or misconfiguration.
Implement Solutions: Try one fix at a time; e.g., switch drivers, update firmware.
Test & Verify: Confirm each step before proceeding.
Document Steps: Keep notes for future reference.
Seek Help: Use forums, GitHub issues, or community channels.
Prevent Recurrence: Regular updates, backups, and best practices.
7. Legal, Ethical, and Security Considerations
Authorization: Only test networks you own or have explicit permission to audit. Unauthorized use is illegal.
Compliance: Follow local, national, and international laws (e.g., GDPR, CCPA).
Privacy: Handle captured data responsibly; do not misuse sensitive information.
Transparency: Disclose findings responsibly; do not exploit vulnerabilities.
Risk Management: Limit testing to avoid network disruption; use in controlled environments.
8. Command Reference & Cheat Sheet
Basic Workflow
# 1. Enable monitor mode
sudo airmon-ng start wlan0
# 2. Capture packets and handshakes
sudo airodump-ng wlan0mon
# 3. Focus on a specific network (channel, BSSID)
sudo airodump-ng --bssid <BSSID> -c <channel> -w capture wlan0mon
# 4. Deauthenticate a client to capture handshake
sudo aireplay-ng --deauth 10 -a <BSSID> -c <client MAC> wlan0mon
# 5. Crack the key (WPA/WPA2)
aircrack-ng -w wordlist.txt -b <BSSID> capture-01.cap
# 6. Stop monitor mode
sudo airmon-ng stop wlan0mon
Common Commands
# Enable monitor mode on wlan0
airmon-ng start wlan0
# Disable monitor mode
airmon-ng stop wlan0mon
# Scan for networks and clients
airodump-ng wlan0mon
# Capture packets for a specific AP
airodump-ng --bssid <BSSID> -c <ch> -w out wlan0mon
# Deauth all clients from AP
aireplay-ng --deauth 10 -a <BSSID> wlan0mon
# Deauth specific client
aireplay-ng --deauth 10 -a <BSSID> -c <client> wlan0mon
# Crack WPA/WPA2 handshake
aircrack-ng -w wordlist.txt -b <BSSID> capture.cap
# Decrypt capture file with known key
airdecap-ng -w <key> capture.cap
# Import wordlist into airolib-ng database
airolib-ng db --import passwd wordlist.txt
# Import ESSIDs into airolib-ng database
airolib-ng db --import essid <essidlist>
# Batch process passphrases/ESSIDs
airolib-ng db --batch
# Create a fake AP on channel 6
airbase-ng -e "FakeAP" -c 6 wlan0mon
# Create custom packets for injection
packetforge-ng
File Types
.cap: Packet capture file (PCAP format)
.ivs: Initialization vectors (for WEP cracking)
.hccapx: Handshake file for hashcat
9. Visual Reference
Figure: airodump-ng scanning for networks and clients
Figure: aircrack-ng performing a dictionary attack
10. Best Practices
Always use Aircrack-ng in a legal and ethical manner.
Keep your tools and wireless drivers up to date.
Use strong, unique passwords for your own networks.
Regularly audit your own Wi-Fi for vulnerabilities.
Document your process and findings for future reference.
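An added example (not from the original guide or the Aircrack-ng project) for auditing your own network: it reads the access-point table of the CSV that airodump-ng writes next to the .cap file when run with -w, and flags your own ESSIDs seen on unknown BSSIDs or with weak encryption. The sample CSV, the KNOWN allowlist and all addresses are constructed.

```python
import csv, io

def parse_aps(text):
    """Return the access-point rows (first table) of an airodump-ng CSV as dicts."""
    aps, in_table = [], False
    for row in csv.reader(io.StringIO(text)):
        row = [c.strip() for c in row]
        if not row or not row[0]:
            if in_table:
                break                      # blank line ends the AP table
            continue
        if row[0] == "BSSID":
            in_table = True                # header row of the AP table
        elif in_table and len(row) >= 15:
            aps.append({"bssid": row[0].lower(), "privacy": row[5], "cipher": row[6],
                        "essid": ",".join(row[13:-1])})  # ESSID may itself contain commas
    return aps

def audit(text, known):
    """known: {essid: set of authorised BSSIDs}. Returns [(finding, bssid, essid)]."""
    findings = []
    for ap in parse_aps(text):
        allowed = known.get(ap["essid"])
        if allowed is None:
            continue                       # not one of our network names
        if ap["bssid"] not in allowed:
            findings.append(("unknown-bssid", ap["bssid"], ap["essid"]))
        elif ap["privacy"] in ("OPN", "WEP") or "TKIP" in ap["cipher"]:
            findings.append(("weak-encryption", ap["bssid"], ap["essid"]))
    return findings

# Constructed sample in airodump-ng CSV layout (not a real capture).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40, 100, 0,   0.  0.  0.  0,   7, CorpNet,
DE:AD:BE:EF:00:02, 2024-01-01 10:01:00, 2024-01-01 10:05:00,  6,  54, OPN, , , -35, 80, 0,   0.  0.  0.  0,   7, CorpNet,
AA:BB:CC:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WEP, WEP, , -50, 90, 12,   0.  0.  0.  0,   9, CorpGuest,
11:22:33:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WPA2, CCMP, PSK, -70, 60, 0,   0.  0.  0.  0,   9, Neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:10, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -55, 12, AA:BB:CC:00:00:01,
"""
KNOWN = {"CorpNet": {"aa:bb:cc:00:00:01"}, "CorpGuest": {"aa:bb:cc:00:00:03"}}  # assumed allowlist

if __name__ == "__main__":
    for finding in audit(SAMPLE_CSV, KNOWN):
        print(*finding)
```

An unknown BSSID advertising your ESSID is only a lead: confirm against your AP inventory before treating it as a rogue access point.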
11. Resources
This guide provides a comprehensive overview and quick reference for using Aircrack-ng effectively and responsibly.