airolib-ng

airolib-ng database_path [options]
Example: airolib-ng wireless_db --file capture.cap --import wpa
Example: airolib-ng wireless_db --convert essid essids.txt

database_path
    Path to the SQLite database file to create or use for storing data.

--help, -h
    Displays the help message and exits.

--stats
    Shows statistics about the database, including the number of ESSIDs, passwords, and handshakes.

--clean
    Cleans the database by removing invalid or incomplete WPA/WPA2 handshakes.

--check
    Checks the integrity of handshakes stored in the database.

--file file
    Specifies an input file (e.g., .cap for handshakes, .dico for dictionaries) to be processed.

--import format
    Imports data from the specified input file. format can be wpa (for handshakes), essid, or password.

--add essid <ESSID>
    Adds a specific ESSID (network name) to the database.

--add password <password>
    Adds a specific password (plaintext or PMK) to the database.

--remove essid <ESSID>
    Removes a specified ESSID from the database.

--remove password <password>
    Removes a specified password from the database.

--export type <file>
    Exports data of a specific type (essid or password) from the database to a text file.

--convert format <file>
    Converts all PMK-ESSID pairs from the database into a specified output format (dico, essid, lst) and saves to file.

airolib-ng is a utility from the aircrack-ng suite designed to process and optimize WPA/WPA2 handshake capture files. Its primary function is to convert raw handshake captures (typically .cap files) into formats suitable for dictionary-based password cracking tools like aircrack-ng itself, hashcat, or John the Ripper. It can also manage ESSID lists, merge files, and check the integrity of handshakes. This tool is crucial for preparing data captured by tools like airodump-ng before attempting to crack WPA/WPA2 passphrases offline. By optimizing the handshake data, airolib-ng helps streamline the cracking process, making it more efficient for various offline attack scenarios.

airolib-ng requires a complete 4-way WPA/WPA2 handshake for effective processing and conversion. Incomplete handshakes, even if present in the .cap file, cannot be used for cracking and will be noted or removed during database cleaning. The database file can grow substantially depending on the amount of captured data, potentially requiring significant disk space.

airolib-ng uses an SQLite database to store ESSIDs, PMKs (Pairwise Master Keys), and captured handshakes. This centralized database allows for efficient management and reuse of cracking resources, eliminating the need to process the same raw .cap files multiple times.

For successful cracking with tools like aircrack-ng or hashcat, airolib-ng requires a complete 4-way handshake to be present in the captured .cap file. The tool can identify and help clean records with incomplete or corrupt handshakes, ensuring only viable data is used for further processing.

airolib-ng is an integral part of the aircrack-ng suite, which evolved from the original aircrack project. Its development has focused on enhancing the efficiency and management of WPA/WPA2 cracking resources, particularly the preparation of captured handshake data for dictionary attacks. It streamlined the process of converting raw .cap files into optimized formats needed by aircrack-ng and other cracking tools, improving the overall workflow for wireless security auditing.

aircrack-ng(1), airmon-ng(8), airodump-ng(1), aireplay-ng(1), hashcat(1), john(1)