airdecloak-ng

airdecloak-ng options capture_file.cap

-h
    Shows the help screen.

capture_file.cap
    The capture file (e.g., .cap or .pcap) to read from. This is usually a file created by airodump-ng.

airdecloak-ng is a tool part of the Aircrack-ng suite used to detect cloaked or hidden wireless networks. Hidden networks do not broadcast their SSID (Service Set Identifier). airdecloak-ng passively sniffs wireless traffic and attempts to determine the SSID of these hidden networks by analyzing probe requests and other 802.11 management frames.
It works by capturing packets from the air and analyzing them to find probe requests and other frames that might contain the hidden SSID. If a client station attempts to connect to a hidden network, it will broadcast the SSID in its probe requests. airdecloak-ng listens for these requests and displays the SSID of the hidden network.
The tool can also display other information about the network, such as the BSSID (Basic Service Set Identifier) and the encryption type. The tool is designed to work with a wireless network adapter in monitor mode.

airdecloak-ng's success depends on client devices actively probing for the hidden network. If no devices are probing, the SSID cannot be revealed. The tool also requires a capture file containing sufficient 802.11 management frames.

A typical usage would be:
airodump-ng wlan0 (to capture the traffic)
airdecloak-ng capture_file.cap (analyze the capture file created by airodump-ng)

airdecloak-ng is part of the Aircrack-ng suite, a well-established collection of tools for auditing wireless network security. Its development has been ongoing within the Aircrack-ng project, evolving to adapt to changes in wireless protocols and security practices. It is a frequently used tool for network penetration testing and security audits.

airodump-ng(1), aircrack-ng(1), airmon-ng(8)