LinuxCommandLibrary

besside-ng

Capture WPA handshakes without client deauthentication

SYNOPSIS

besside-ng [options] interface

PARAMETERS

-h, --help
    Display help message and exit.

-v
    Enable verbose output for detailed logging.

-w wordlist
    Specify wordlist file for automatic WPA/WPA2 PSK cracking on handshake capture.

-W prefix
    Set prefix for generated capture files (default: session identifier).

-s essid
    Target specific ESSID; auto-selects matching BSSID.

-S channel
    Scan or lock to specific channel (0 for all channels).

-f
    Enable WPS PIN fuzzing attacks.

-y
    Perform Pixie Dust attack on vulnerable WPS implementations.

-z
    Launch WPS PIN brute-force attack.

-x num
    Number of PMKID candidates to capture (default: 1).

-o pcapfile
    Output merged PCAPNG file for captures.

-H
    Hunt additional targets in background while attacking primary.

-t timeout
    Set timeout in seconds for attack phases (default: 10).

-n
    Disable deauthentication packet transmission.

-4
    Force WPA handshake capture mode.

-5
    Force PMKID capture mode (WPA2).

DESCRIPTION

besside-ng is a component of the Aircrack-ng suite for wireless network auditing. It automates the discovery, targeting, and exploitation of WPA/WPA2 and WPS-enabled access points using a single wireless interface in monitor mode. The tool continuously scans for networks, deauthenticates clients to capture WPA handshakes or PMKIDs, and launches WPS attacks such as Pixie Dust or PIN brute-force. After a successful capture, it can crack pre-shared keys (PSKs) using a provided wordlist.

Key capabilities include background target hunting, configurable timeouts, and output of PCAP files for offline analysis with aircrack-ng. It supports selective targeting by ESSID or channel, verbose logging, and options to disable certain packet injections. Suited to penetration testing of authorized networks, it runs full attack cycles without manual intervention but requires root privileges and compatible hardware.

Use it only on networks you own or have explicit permission to test, because it generates disruptive deauth packets.
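An added example, not from the original page or the Aircrack-ng project: the deauthenticate-then-capture sequence described above leaves a recognisable trace, a burst of deauth frames on one BSSID followed shortly by a fresh EAPOL handshake from a targeted client. The record format, the function name forced_rehandshakes and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample records, as a monitoring sensor might export them:
# (seconds, frame kind, BSSID, client MAC). All addresses are made up.
FRAMES = [
    (1.0, "deauth", "02:00:00:aa:00:01", "02:00:00:cc:00:01"),
    (1.2, "deauth", "02:00:00:aa:00:01", "02:00:00:cc:00:01"),
    (1.4, "deauth", "02:00:00:aa:00:01", "02:00:00:cc:00:02"),
    (1.6, "deauth", "02:00:00:aa:00:01", "02:00:00:cc:00:01"),
    (3.1, "eapol", "02:00:00:aa:00:01", "02:00:00:cc:00:01"),
    (40.0, "deauth", "02:00:00:aa:00:02", "02:00:00:cc:00:09"),  # single deauth
    (41.0, "eapol", "02:00:00:aa:00:02", "02:00:00:cc:00:09"),
    (90.0, "eapol", "02:00:00:aa:00:01", "02:00:00:cc:00:02"),  # long after burst
]


def forced_rehandshakes(frames, window=10.0, min_deauths=3):
    """Flag handshakes that follow a deauth burst on the same BSSID.

    An alert is raised when a client starts an EAPOL exchange while at least
    `min_deauths` deauth frames for that BSSID lie within the preceding
    `window` seconds and one of them addressed the client (or broadcast).
    Both thresholds are illustrative assumptions, not tuned values.
    """
    recent = defaultdict(deque)  # bssid -> deque of (time, client) deauths
    alerts, seen = [], set()
    for ts, kind, bssid, client in sorted(frames):
        q = recent[bssid]
        while q and ts - q[0][0] > window:  # drop deauths outside the window
            q.popleft()
        if kind == "deauth":
            q.append((ts, client))
        elif kind == "eapol":
            targeted = any(c in (client, BROADCAST) for _, c in q)
            if len(q) >= min_deauths and targeted and (bssid, client) not in seen:
                seen.add((bssid, client))  # one alert per BSSID/client pair
                alerts.append({"bssid": bssid, "client": client,
                               "deauths_in_window": len(q), "handshake_at": ts})
    return alerts


if __name__ == "__main__":
    for alert in forced_rehandshakes(FRAMES):
        print(alert)
```

The single deauth at 40.0 and the handshake at 90.0 are deliberately not flagged: an isolated deauth is normal client behaviour, and a handshake long after a burst is not tied to it.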

CAVEATS

Requires a monitor-mode interface (use airmon-ng) and root privileges. Disrupts networks via deauths; use only on authorized targets to stay within the law. Incompatible with some modern chipsets. No WPA3 support.

BASIC USAGE

besside-ng -w /path/to/wordlist wlan0mon
Monitors wlan0mon, captures handshakes, cracks with wordlist.

WPS FOCUS

besside-ng -y -z -f wlan0mon
Pixie Dust, brute-force, and fuzz WPS on detected APs.

HISTORY

Introduced in Aircrack-ng 1.1 (2013) to automate airodump-ng + aireplay-ng workflows. It evolved through community contributions aimed at WPS/PMKID efficiency and is maintained within the Aircrack-ng project, whose origins date to 2005.
