airbase-ng

airbase-ng [options] <interface>

-a <bssid>
    Set Access Point BSSID

-c <channel>
    Lock to specific channel (1-14)

-D
    Ad-hoc mode (hide SSID)

-e <essid>
    Set ESSID (network name)

-E <file.prefix>
    Dump frames to .cap file

-h <MAC>
    From-DS MAC address

-H
    Use fake MAC header

-i <iface>
    Capture interface for packet sending

-j
    Write only IVs to file

-k <n>
    Kill clients after n packets

-P
    Print detected probe requests

-q
    Enable quiet mode

-s <dbm>
    Set signal strength

-t
    Set source MAC to AP MAC

-U
    Display summary info

-v <level>
    Set verbosity (1-4)

-w <file>
    Write packets to pcapng file

-X
    Disable processing management frames

-y
    Use Layer 2 retransmissions

-Z
    Use fuzzing on tagged parameters

--deauth-reason <code>
    Deauth reason code

airbase-ng is a powerful tool from the Aircrack-ng suite for wireless network security auditing. It generates fake Access Points (APs), also known as rogue APs, to simulate attacks like Karma or Honeypot scenarios. By responding to probe requests from clients seeking known SSIDs, it tricks devices into associating with the malicious AP, potentially capturing credentials, handshakes, or enabling man-in-the-middle attacks.

Primarily used in penetration testing, it supports custom BSSID, ESSID, channel locking, adjustable signal strength, and deauthentication floods to force client reconnections. It can emulate open, WEP, or WPA networks, output traffic to pcap files for analysis, and handle multiple virtual APs. The tool requires a compatible wireless interface in monitor mode (prepared via airmon-ng).

Security professionals use it to assess client vulnerabilities, such as automatic network joining. However, it demands root privileges and hardware supporting packet injection. Ethical use is critical, as unauthorized deployment violates laws like the Computer Fraud and Abuse Act.

Requires monitor mode interface via airmon-ng; needs packet injection-capable Wi-Fi card; root access mandatory; illegal for unauthorized networks; may cause interference or DoS.

airmon-ng start wlan0
airbase-ng -c 6 -e 'TestAP' -P mon0 — Creates open AP on channel 6, prints probes.

airbase-ng -e '' mon0 — Responds to all probe requests with matching SSIDs for client lure.

Part of Aircrack-ng suite since 2006, forked from Aircrack (2004); developed by Christophe Devine and community for 802.11 auditing; major updates in v1.0 (2010) added AP emulation; actively maintained for modern Wi-Fi standards.

airodump-ng(1), aireplay-ng(1), airmon-ng(1), aircrack-ng(1)