LinuxCommandLibrary

aircrack-ng

Crack WEP/WPA/WPA2 wireless passwords

TLDR

Crack key from capture file using [w]ordlist
$ aircrack-ng -w [path/to/wordlist.txt] [path/to/capture.cap]

Crack key using multiple CPU threads from capture file using [w]ordlist
$ aircrack-ng -p [number] -w [path/to/wordlist.txt] [path/to/capture.cap]

Crack key from capture file using [w]ordlist and the access point's [e]ssid
$ aircrack-ng -w [path/to/wordlist.txt] -e [essid] [path/to/capture.cap]

Crack key from capture file using [w]ordlist and the access point's MAC address
$ aircrack-ng -w [path/to/wordlist.txt] --bssid [mac] [path/to/capture.cap]

SYNOPSIS

aircrack-ng [options] <capture file(s)>

PARAMETERS

-a <attack_mode>
    Selects the WEP attack mode. Common values include 1 (PTW attack), 2 (KoreK attack), etc.

-b <BSSID>
    Targets a specific access point by its BSSID (MAC address).

-e <ESSID>
    Targets a specific network by its ESSID (network name).

-w <wordlist>
    Specifies a dictionary file to use for WPA/WPA2-PSK cracking. This file contains potential passphrases.

-q
    Enables quiet mode, suppressing non-essential output.

--help
    Displays the command's usage information and available options.

DESCRIPTION

aircrack-ng is a powerful and versatile suite of tools primarily used for auditing wireless network security. While the aircrack-ng command itself specifically focuses on cracking WEP and WPA/WPA2-PSK keys, the broader aircrack-ng suite encompasses various utilities like airmon-ng (for putting wireless adapters into monitor mode), airodump-ng (for capturing raw 802.11 frames), aireplay-ng (for injecting/replaying frames), and airdecap-ng (for decrypting WEP/WPA capture files).

The core aircrack-ng program works by taking a packet capture file (typically in .cap format), often generated by airodump-ng, and attempting to recover the network's pre-shared key. For WEP, it employs statistical attacks (such as the PTW attack) to deduce the key. For WPA/WPA2-PSK, it performs dictionary attacks against captured four-way handshake packets to find the passphrase. It is widely utilized by penetration testers and security researchers to assess the robustness of wireless network security implementations.

CAVEATS

Hardware Requirements: Requires a compatible wireless adapter capable of monitor mode and packet injection for effective use of the full aircrack-ng suite.
Dictionary Attack Dependency: WPA/WPA2-PSK cracking is a dictionary attack; its success hinges entirely on the quality and comprehensiveness of the provided wordlist.
Legality and Ethics: Using aircrack-ng on networks without explicit permission from the owner is illegal in many jurisdictions and highly unethical. It should only be used for legitimate security auditing on networks you own or have authorization to test.
Computational Intensity: WPA/WPA2 cracking can be very computationally intensive, especially for long passphrases and large dictionary files, often requiring significant CPU or GPU resources.
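
Seen from the defending side, the dictionary-attack dependency above means a passphrase should be checked against common wordlists before it is deployed. The following is an added example, not from the original page or the aircrack-ng project: it audits a candidate WPA/WPA2 passphrase against a wordlist you supply. The function names, return codes and sample wordlist are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: defender-side audit of a candidate WPA/WPA2 passphrase.
# audit_psk and make_sample_wordlist are hypothetical helper names.
#
# audit_psk PASSPHRASE WORDLIST
# Returns: 0 = valid length and not present in the wordlist
#          1 = present in the wordlist (whole-line, case-insensitive match)
#          2 = invalid length (a WPA passphrase is 8..63 characters)
#          3 = wordlist not readable
audit_psk() {
    local psk=$1 wordlist=$2
    local len=${#psk}

    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        return 2
    fi
    [ -r "$wordlist" ] || return 3

    # Strip CRs so wordlists saved with Windows line endings still match.
    # grep: -F fixed string, -x whole line, -i ignore case, -q quiet;
    # "--" protects passphrases that begin with a dash.
    if tr -d '\r' < "$wordlist" | grep -Fxiq -- "$psk"; then
        return 1
    fi
    return 0
}

# Constructed sample wordlist (not real data); one entry ends in CRLF.
make_sample_wordlist() {
    local f
    f=$(mktemp) || return 1
    printf 'password\nletmein123\r\nSummer2024!\n' > "$f"
    printf '%s\n' "$f"
}

# Demonstration on constructed candidates.
wl=$(make_sample_wordlist)
for candidate in 'short' 'LetMeIn123' 'correct-horse-battery-staple-9x'; do
    audit_psk "$candidate" "$wl"
    printf '%s -> %d\n' "$candidate" "$?"
done
rm -f "$wl"
```

A return code of 0 only means the passphrase is absent from that particular wordlist, so run the check against every list you would expect an auditor to use.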

A SUITE OF TOOLS

It's crucial to understand that aircrack-ng is not merely a single command but an integrated suite of tools. The various components (e.g., airmon-ng, airodump-ng, aireplay-ng) are designed to work together to perform comprehensive wireless network security assessments, from capturing packets to cracking keys.

SUPPORTED KEY TYPES

The aircrack-ng command can successfully crack WEP keys (using various attacks like PTW, KoreK, etc.) and WPA-PSK / WPA2-PSK keys (via dictionary attacks against captured 4-way handshakes).

HISTORY

The aircrack-ng project evolved from the original aircrack program, which itself was a fork of earlier tools like dweputils and wepattack. The '-ng' suffix (Next Generation) signifies a significant overhaul and enhancement of the original suite. This transition aimed to combine and improve various wireless auditing tools into a cohesive suite, offering better performance, more advanced attack methods (notably the PTW WEP attack and more robust WPA/WPA2 cracking), and broader hardware compatibility. Since its inception, aircrack-ng has become a de facto standard in the cybersecurity community for wireless network penetration testing and auditing, constantly being updated to address new wireless security protocols and vulnerabilities.
