Tool Documentation:
Scan for networks using the monitor mode interface (-i wlan0mon) on channel 6 (-c 6), while ignoring frame checksum errors (-C). The Wash v1.6.6 help output further down lists the checksum option as -F, --ignore-fcs.

root@kali:~# wash -i wlan0mon -c 6 -C

BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
E0:3F:49:6A:57:78    6  -73  1.0  No   Unknown   ASUS
reaver Usage Example
Use the monitor mode interface (-i wlan0mon) to attack the access point (-b E0:3F:49:6A:57:78), displaying verbose output (-v):

root@kali:~# reaver -i wlan0mon -b E0:3F:49:6A:57:78 -v

Reaver v1.6.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner

[+] Waiting for beacon from E0:3F:49:6A:57:78
[+] Associated with E0:3F:49:6A:57:78 (ESSID: ASUS)
[+] Trying pin 12345670
Packages and Binaries:
reaver
Reaver performs a brute force attack against an access point’s WiFi Protected Setup pin number. Once the WPS pin is found, the WPA PSK can be recovered and alternately the AP’s wireless settings can be reconfigured.
Installed size: 1.62 MB
How to install: sudo apt install reaver
reaver
root@kali:~# reaver -h

Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner

Required Arguments:
  -i, --interface=         Name of the monitor-mode interface to use
  -b, --bssid=             BSSID of the target AP

Optional Arguments:
  -m, --mac=               MAC of the host system
  -e, --essid=             ESSID of the target AP
  -c, --channel=           Set the 802.11 channel for the interface (implies -f)
  -s, --session=           Restore a previous session file
  -C, --exec=              Execute the supplied command upon successful pin recovery
  -f, --fixed              Disable channel hopping
  -5, --5ghz               Use 5GHz 802.11 channels
  -v, --verbose            Display non-critical warnings (-vv or -vvv for more)
  -q, --quiet              Only display critical messages
  -h, --help               Show help

Advanced Options:
  -p, --pin=               Use the specified pin (may be arbitrary string or 4/8 digit WPS pin)
  -d, --delay=             Set the delay between pin attempts [1]
  -l, --lock-delay=        Set the time to wait if the AP locks WPS pin attempts [60]
  -g, --max-attempts=      Quit after num pin attempts
  -x, --fail-wait=         Set the time to sleep after 10 unexpected failures [0]
  -r, --recurring-delay=   Sleep for y seconds every x pin attempts
  -t, --timeout=           Set the receive timeout period [10]
  -T, --m57-timeout=       Set the M5/M7 timeout period [0.40]
  -A, --no-associate       Do not associate with the AP (association must be done by another application)
  -N, --no-nacks           Do not send NACK messages when out of order packets are received
  -S, --dh-small           Use small DH keys to improve crack speed
  -L, --ignore-locks       Ignore locked state reported by the target AP
  -E, --eap-terminate      Terminate each WPS session with an EAP FAIL packet
  -J, --timeout-is-nack    Treat timeout as NACK (DIR-300/320)
  -F, --ignore-fcs         Ignore frame checksum errors
  -w, --win7               Mimic a Windows 7 registrar [False]
  -K, --pixie-dust         Run pixiedust attack
  -Z                       Run pixiedust attack
  -O, --output-file=       Write packets of interest into pcap file

Example:
  reaver -i wlan0mon -b 00:90:4C:C1:AC:21 -vv
wash
root@kali:~# wash -h

Wash v1.6.6 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner

Required Arguments:
  -i, --interface=                     Interface to capture packets on
  -f, --file [FILE1 FILE2 FILE3 ...]   Read packets from capture files

Optional Arguments:
  -c, --channel=           Channel to listen on [auto]
  -n, --probes=            Maximum number of probes to send to each AP in scan mode [15]
  -O, --output-file=       Write packets of interest into pcap file
  -F, --ignore-fcs         Ignore frame checksum errors
  -2, --2ghz               Use 2.4GHz 802.11 channels
  -5, --5ghz               Use 5GHz 802.11 channels
  -s, --scan               Use scan mode
  -u, --survey             Use survey mode [default]
  -a, --all                Show all APs, even those without WPS
  -j, --json               print extended WPS info as json
  -U, --utf8               Show UTF8 ESSID (does not sanitize ESSID, dangerous)
  -p, --progress           Show percentage of crack progress
  -h, --help               Show help

Example:
  wash -i wlan0mon
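For defenders, the wash table shown in the scan example can be filtered down to the access points you administer that still advertise WPS, which are the ones to reconfigure. The following is an added example, not part of the reaver package or the original page; the function name wps_audit and the inventory file format (one BSSID per line) are assumptions, as are a single-token Vendor column and treating any Lck value other than "No" as locked.

```shell
#!/usr/bin/env bash
# Added example (not shipped with reaver/wash).
# Usage: wash -i wlan0mon | wps_audit my_bssids.txt
# Prints BSSID<TAB>channel<TAB>status<TAB>ESSID for each inventoried AP that
# advertises WPS. status: EXPOSED (Lck = No) or LOCKED (any other Lck value).
wps_audit() {
    awk -v inv="$1" '
    BEGIN {
        # Load the BSSIDs we are responsible for; "#" starts a comment.
        while ((getline line < inv) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
            if (line != "") own[toupper(line)] = 1
        }
    }
    {
        # Data rows start with a MAC address; prompt, header and rule lines do not.
        bssid = toupper($1)
        if (length(bssid) != 17 || bssid !~ /^[0-9A-F:]+$/) next
        if (split(bssid, octets, ":") != 6) next
        if (!(bssid in own)) next              # not ours: out of audit scope
        if ($4 !~ /^[0-9]+\.[0-9]+$/) next     # no WPS version => WPS not advertised

        # ESSID is everything after the 6th column and may contain spaces.
        essid = $0
        for (i = 1; i <= 6; i++) sub(/^[ \t]*[^ \t]+/, "", essid)
        sub(/^[ \t]+/, "", essid)
        # The ESSID is chosen by whoever runs the AP: neutralise anything that is
        # not printable ASCII before it reaches a terminal or a report.
        gsub(/[^ -~]/, "?", essid)

        status = ($5 == "No") ? "EXPOSED" : "LOCKED"
        printf "%s\t%s\t%s\t%s\n", bssid, $2, status, essid
    }'
}
```

Both statuses mean WPS is still enabled on that AP; the help text's warning on -U is the reason the ESSID is sanitised before printing.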
reaver on Kali Linux
This is a short guide on how to install the reaver package:
2. Uninstall / Remove reaver package
Please follow the instructions below to uninstall the reaver package:
3. Details of reaver package
Package: reaver
Version: 1.6.6-0kali1
Architecture: amd64
Maintainer: Kali Developers
Installed-Size: 1665
Depends: libc6 (>= 2.29), libpcap0.8 (>= 1.0.0), pixiewps, aircrack-ng
Homepage: https://github.com/t6x/reaver-wps-fork-t6x
Priority: optional
Section: net
Filename: pool/main/r/reaver/reaver_1.6.6-0kali1_amd64.deb
Size: 171680
SHA256: c494e4c8606f4faaba7c170b096cc0589ac0d0a04f8422d33328d2d53764d732
SHA1: 50fd8ac00cd4a611642ccc67cbcb89adc1fa5d08
MD5sum: 69bbb9baaefb529e07dbf23f5df7b97b
Description: brute force attack tool against Wifi Protected Setup PIN number
 Reaver performs a brute force attack against an access point’s WiFi
 Protected Setup pin number.
 Once the WPS pin is found, the WPA PSK can be recovered and alternately
 the AP’s wireless settings can be reconfigured.
Description-md5: c70abce7e7881fde1f10820ab1e59498
4. References on Kali Linux
5. The same packages on other Linux Distributions
reaver (1.4-2build1) Ubuntu 18.04 LTS (Bionic Beaver)
reaver (1.4-2) Ubuntu 16.04 LTS (Xenial Xerus)
reaver (1.6.5-1) Ubuntu 20.10 (Groovy Gorilla)
reaver (1.6.5-1) Ubuntu 21.10 (Impish Indri)
reaver (1.6.5-1) Ubuntu 22.04 LTS (Jammy Jellyfish)
reaver (1.6.5-1) Debian 10 (Buster)