besside-ng-crawler

besside-ng-crawler [-h] [-i INTERFACE] [-l LOGFILE]

-h, --help
    Show help message and exit

-i INTERFACE, --interface=INTERFACE
    Capture interface name
Default: wlan0

-l LOGFILE, --logfile=LOGFILE
    Log file name
Default: crawl-YYYYMMDD_HHMMSS.log

The besside-ng-crawler is a utility from the Aircrack-ng suite used for passively scanning and logging nearby wireless access points (APs). It monitors a wireless interface in monitor mode, capturing details like BSSID, ESSID, channel, encryption capabilities (WEP/WPA/WPA2), privacy flags, signal power, beacon count, and IV statistics. Output is saved to a timestamped log file (default: crawl-YYYYMMDD_HHMMSS.log), formatted for direct use with besside-ng via the -f option.

This tool excels in stealthy reconnaissance, avoiding active probes or deauthentications. Ideal for pre-audit network mapping in penetration testing or security assessments. It detects open, encrypted, and hidden networks without associating or generating traffic, minimizing detection risk. Logs are pipe-delimited for easy parsing or import into other tools.

Requires root privileges and a compatible wireless card in monitor mode (e.g., via airmon-ng). Commonly paired with besside-ng for automated WPA/PMKID capture workflows.

Requires monitor-mode interface and root access. Passive only; no channel hopping or filtering. Logs all detected APs continuously until interrupted.

BSSID|ESSID|Channel|Capa|Privacy|Power|Beacons|IVs|LAN IP|ID_len|FromDS|New|
Example: 00:11:22:33:44:55|MyNetwork|6|IBSS,TSF|OPN|-45|123|0||0|0|no

airmon-ng start wlan0
besside-ng-crawler -i wlan0mon -l aps.log
^C (interrupt)
besside-ng -f aps.log -i wlan0mon

Introduced in Aircrack-ng 1.1 (2011) as companion to besside-ng for passive WPA cracking. Enhanced in later releases for PMKID support and log formatting.

besside-ng(1), airodump-ng(1), airmon-ng(1), aircrack-ng(1)