Pwnagotchi
Pwnagotchi is an AI-powered WiFi auditing tool that autonomously captures WPA handshakes while learning from its environment using a neural network. It’s designed to run on Raspberry Pi for passive WiFi reconnaissance.
Installation
Raspberry Pi Setup
# Update system
sudo apt update && sudo apt upgrade -y
# Clone Pwnagotchi repository
git clone https://github.com/evilsocket/pwnagotchi.git
cd pwnagotchi
# Install dependencies
sudo apt install python3-pip python3-dev libopenblas0 libatlas-base-dev libjasper-dev
# Install Python requirements
pip3 install -r requirements.txt
# Setup with installer
sudo python3 install.py
# Enable services
sudo systemctl enable pwnagotchi
sudo systemctl start pwnagotchiDebian/Ubuntu (for testing)
# Install WiFi tools
sudo apt install aircrack-ng hostapd dnsmasq
# Clone and setup
git clone https://github.com/evilsocket/pwnagotchi.git
cd pwnagotchi
pip3 install -r requirements.txt
# Run in debug mode
python3 pwnagotchi.py --debug --no-gpsdBasic Configuration
config.toml
# Main configuration file (~/.local/share/pwnagotchi/config.toml)
[main]
name = "Pawny"
db = "/tmp/pwnagotchi.db"
max-age = 120
batch_size = 50
[logging]
level = "debug"
[webui]
enabled = true
username = "admin"
password = "changeme"
address = "0.0.0.0"
port = 8080
ssl = false
[plugins]
enabled = true
[plugins.grid]
enabled = true
report = true
[plugins.cryptography]
enabled = true
[ui]
display = "waveshare_2in13"
fps = 0.5
rotation = 180
[bettercap]
port = 8082
proxy = trueWiFi Interface Configuration
# Set interface to monitor mode
sudo airmon-ng start wlan0
# Configure in config.toml
[wifi]
interface = "wlan0mon"
channel = "1,2,3,4,5,6,7,8,9,10,11"
tx_power = 20
country = "US"Starting Pwnagotchi
# Start as service
sudo systemctl start pwnagotchi
# View status
sudo systemctl status pwnagotchi
# Follow logs
sudo journalctl -u pwnagotchi -f
# Manual execution
python3 pwnagotchi.py
# Debug mode
python3 pwnagotchi.py --debug --no-sleepWeb UI Access
# Default credentials
URL: http://localhost:8080
Username: admin
Password: admin (change immediately)
# Change password
# Edit config.toml or use web interface
# Remote access (if configured)
http://<pwnagotchi-ip>:8080Handshake Capture
View Captured Handshakes
# List all networks
sudo sqlite3 /tmp/pwnagotchi.db ".schema"
# Query captured networks
sudo sqlite3 /tmp/pwnagotchi.db \
"SELECT bssid, essid, handshake FROM networks WHERE handshake=1;"
# Export captured handshakes
sudo sqlite3 /tmp/pwnagotchi.db \
"SELECT bssid, essid FROM networks WHERE handshake=1;" > captured_networks.txtConvert to Aircrack Format
# Extract PCAP from database
sudo sqlite3 /tmp/pwnagotchi.db \
"SELECT handshake FROM networks WHERE bssid='AA:BB:CC:DD:EE:FF';" > handshake.bin
# Convert binary to PCAP
pwnagotchi -export-pcap /tmp/pwnagotchi.db captured.pcapPlugin System
Installing Plugins
# Plugins directory
~/.local/share/pwnagotchi/plugins/
# Clone plugin repository
cd ~/.local/share/pwnagotchi/plugins
git clone https://github.com/evilsocket/pwnagotchi-plugins.git
# List available plugins
ls -laCommon Plugins
# Enable in config.toml
[plugins.grid]
enabled = true
report = true
username = "YOUR_GRID_USERNAME"
report_interval = 30
[plugins.cryptography]
enabled = true
[plugins.association-log]
enabled = true
enabled_data = ["essid", "bssid", "channel", "vendor"]
[plugins.manual-mode]
enabled = true
device = "/dev/ttyUSB0"
[plugins.webcam]
enabled = true
# Captures images of clientsWriting Custom Plugins
# ~/.local/share/pwnagotchi/plugins/myplugin.py
from pwnagotchi.plugins import BasePlugin
class MyPlugin(BasePlugin):
def __init__(self):
self.options = {
'enabled': {'default': False, 'description': 'Enable my plugin'}
}
def on_ready(self, agent):
print("[*] My plugin loaded")
def on_handshake(self, agent, filename, bssid, ssid, ap_list):
print(f"[+] Handshake captured: {ssid}")AI Training & Learning
Neural Network Configuration
# config.toml AI settings
[ai]
learning_rate = 0.001
training_batch_size = 32
reward_smoothing = 0.9
epochs = 100
discount_factor = 0.95
# Monitor training
tail -f ~/.local/share/pwnagotchi/training.logTraining Status
# Check training progress
ps aux | grep pwnagotchi
# Training data location
~/.local/share/pwnagotchi/model/
# View training metrics
sudo sqlite3 /tmp/pwnagotchi.db \
"SELECT DATE(timestamp), COUNT(*) FROM handshakes GROUP BY DATE(timestamp);"Data Collection & Export
View Database
# Browse database
sudo sqlite3 -header -column /tmp/pwnagotchi.db
# Query commands
.tables
.schema
SELECT * FROM networks LIMIT 10;
SELECT COUNT(*) FROM networks;
SELECT * FROM networks WHERE handshake=1;Export Data
# CSV export
sudo sqlite3 /tmp/pwnagotchi.db \
".mode csv" \
".output networks.csv" \
"SELECT * FROM networks;"
# JSON export
sudo sqlite3 /tmp/pwnagotchi.db \
".mode json" \
"SELECT * FROM networks;" > networks.json
# Handshake files
find ~/.local/share/pwnagotchi/handshakes/ -type fAdvanced Configuration
Multi-Band Operation
[wifi]
interface = "wlan0mon"
# Channels (1-11 2.4GHz, 36+ 5GHz)
channels = "1,6,11,36,40,44,48"
# Channel switching speed
channel_duration = 5
# Tx power (mW)
tx_power = 20GPS Integration
[gps]
enabled = true
device = "/dev/ttyUSB0"
baudrate = 9600
# Save location with captures
save_location = trueAutomated Deauthentication
[deauth]
enabled = true
send_deauth = true
send_disassoc = true
packets = 1
# Only deauth handshakes
only_existing_handshakes = trueTroubleshooting
Issue: WiFi interface not in monitor mode
# Check current mode
iwconfig wlan0
# Enable monitor mode
sudo airmon-ng start wlan0
# Verify
iwconfig wlan0monIssue: No handshakes captured
# Check configuration
grep -A 10 "\[wifi\]" ~/.local/share/pwnagotchi/config.toml
# Monitor activity
sudo tcpdump -i wlan0mon -c 20
# Check channel switching
tail -f /var/log/syslog | grep pwnagotchiIssue: Web UI unreachable
# Check if service is running
sudo systemctl status pwnagotchi
# Verify port
sudo netstat -tlnp | grep 8080
# Check firewall
sudo ufw allow 8080/tcpIssue: Low handshake capture rate
# Verify TX power
iw wlan0 set txpower fixed 20mBm
# Check channel list
iw wlan0 info
# Increase capture duration
# Edit config.toml: channel_duration = 10Complete Setup Script
#!/bin/bash
# Pwnagotchi installation script
echo "[*] Installing Pwnagotchi..."
cd /tmp
git clone https://github.com/evilsocket/pwnagotchi.git
cd pwnagotchi
# Install dependencies
sudo apt install -y python3-pip aircrack-ng hostapd
# Install Python packages
pip3 install -r requirements.txt
# Create directories
mkdir -p ~/.local/share/pwnagotchi/plugins
mkdir -p ~/.local/share/pwnagotchi/model
# Copy configuration
cp config.toml.example ~/.local/share/pwnagotchi/config.toml
# Start service
sudo systemctl enable pwnagotchi
sudo systemctl start pwnagotchi
echo "[+] Pwnagotchi installed!"
echo "[*] Access web UI at http://localhost:8080"Performance Monitoring
# System resources
top -p $(pgrep pwnagotchi)
# Memory usage
ps aux | grep pwnagotchi | awk '{print $6}'
# Handshake capture rate
watch -n 5 'sqlite3 /tmp/pwnagotchi.db "SELECT COUNT(*) FROM networks WHERE handshake=1;"'
# Database size
du -h /tmp/pwnagotchi.dbSecurity Notes
- Change default web UI credentials immediately
- Disable SSL in config if using locally only
- Use firewall to restrict web UI access
- Keep database backups
- Monitor network activity for detection
Related Tools
- Aircrack-ng - Crack captured handshakes
- Hashcat - GPU-accelerated cracking
- Bettercap - Network utility (used by Pwnagotchi)
- Airmon-ng - WiFi interface management
Last updated: 2026-03-30 | Pwnagotchi v1.4