pyrit [options] command
Pyrit exploits the computational power of many-core- and GPGPU-platforms to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time tradeoff. It is a powerful attack against one of the world's most used security-protocols.
This document tries to describe and explain all functions the commandline-client pyrit provides. One or more options may be given on the commandline to customize a command. The exact behaviour of options depends on the command.
At the time of this writing, cowpatty is not available in Debian. References to cowpatty and its commands are nevertheless preserved for the sake of completeness.
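The pre-computed database described above holds, per ESSID, the Pairwise Master Key (PBKDF2-HMAC-SHA1, 4096 iterations, ESSID as salt) of each candidate passphrase, so a table only applies to networks with exactly that ESSID. The following Python code is an added example, not part of pyrit or of this manual page; it checks whether a given ESSID/passphrase pair is covered by such a table. The function names, the word list and every ESSID other than NETGEAR are constructed for illustration.

```python
import hashlib

def pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK Pairwise Master Key: PBKDF2-HMAC-SHA1 with the ESSID as salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def precompute(essid: str, words) -> dict:
    """Toy per-ESSID table (PMK -> passphrase); words of invalid length are skipped."""
    return {pmk(w, essid): w for w in words if 8 <= len(w) <= 63}

def exposure(essid: str, passphrase: str, tables: dict) -> str:
    """Classify how a set of precomputed per-ESSID tables relates to one network."""
    key = pmk(passphrase, essid)
    if essid in tables and key in tables[essid]:
        # ESSID and passphrase are both in the database: a lookup is enough.
        return "precomputed"
    if any(passphrase in table.values() for table in tables.values()):
        # The word is known, but every PMK must be recomputed for this ESSID.
        return "wordlist-only"
    return "not-covered"

# Constructed sample data: a tiny word list and tables for two common ESSIDs.
WORDS = ["password", "short", "letmein123", "correct horse battery"]
TABLES = {essid: precompute(essid, WORDS) for essid in ("NETGEAR", "linksys")}

if __name__ == "__main__":
    samples = [
        ("NETGEAR", "letmein123"),      # default ESSID, weak passphrase
        ("Cafe-4f2a91", "letmein123"),  # unique ESSID, same weak passphrase
        ("NETGEAR", "zK4!tq9w#Pm2"),    # default ESSID, passphrase not in the list
    ]
    for essid, psk in samples:
        print(f"{essid:12} {exposure(essid, psk, TABLES)}")
```

A unique ESSID removes the benefit of pre-computation but not of the word list itself; only a passphrase outside the list puts the network in the "not-covered" class.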
Pyrit recognizes the following options:
pyrit -r "test*.pcap" analyze
Workable: The handshake includes the response from the Station and the confirmation from the Access-Point. The challenge was not captured.
Bad: The handshake includes the challenge from the Access-Point and the response from the Station. The confirmation was not captured.
Handshakes of the same quality are ordered by how close the packets that make up the handshake are to each other.
pyrit -r test.pcap -e MyNetwork -b 00:de:ad:c0:de:00 \
    -o MyNetworkPassword.txt attack_batch
Pyrit works down the list of reconstructed EAPOL-handshakes in case the option --all-handshakes is supplied.
pyrit -r test.pcap -e MyOwnNetwork \
    -i MyOwnNetwork.cow.gz -o - attack_cowpatty
Pyrit attacks all EAPOL-handshakes at the same time if the option --all-handshakes is supplied. This will reduce throughput (e.g.: 33% throughput in case of three handshakes).
pyrit -r test.pcap -e MyOtherNetwork attack_db
pyrit -r test.pcap -b 00:de:ad:be:ef:00 \
    -i words.txt attack_passthrough
Pyrit attacks all EAPOL-handshakes at the same time if the option --all-handshakes is supplied.
pyrit -e NETGEAR batch
pyrit -e NETGEAR -o - batch | \
    cowpatty -d - -r wpatestcapture.cap -s NETGEAR
pyrit -e NETGEAR create_essid
pyrit -e NETGEAR delete_essid
pyrit -o myword.txt.gz export_passwords
pyrit -o NETGEAR.cow -e NETGEAR export_cowpatty
pyrit -o NETGEAR.db -e NETGEAR export_hashdb
pyrit -i dirty_words.txt import_passwords
pyrit -i dirty_words.txt import_unique_passwords
pyrit -i dirty_words.txt.gz -e NETGEAR \
    -o - passthrough | cowpatty -d - \
    -r wpatestcapture.cap -s NETGEAR
pyrit -u sqlite://var/local/pyrit.db relay
pyrit -u http://192.168.0.100:17934 batch
pyrit -r "large_dumps_*.pcap" -e MyNetwork \
    -o tiny_compressed_dump_MyNetwork.dump.gz strip
pyrit -r /temp/kismet_dump -o small_dump.pcap stripLive
pyrit -e NETGEAR verify
If the command succeeds, pyrit's process exit status is set to 0; otherwise it is set to 1 and (usually) an error message or a python-traceback is written to stderr. The following commands also indicate an error condition in certain cases:
attack_passthrough, attack_batch, attack_db and attack_cowpatty: The password could not be found.
verify: At least one workunit contained invalid results.
check_db: Errors in the database were found (and possibly fixed).
The author does not encourage or support using pyrit for the infringement of people's communication-privacy. The exploration and realization of the technology discussed here motivate as a purpose of their own; this is documented by the open development, strictly sourcecode-based distribution and 'copyleft'-licensing.
pyrit was written by Lukas Lueg <email@example.com>.
This manual page was written by Christian Kastner <firstname.lastname@example.org> for the Debian project (but may be used by others).