bully

Brute-force the WPS pin of an access point

$ bully -b "[mac]" -c "[channel]" -B "[interface]"

$ bully -h

bully [options] interface

bully is a WPS (Wi-Fi Protected Setup) brute-force attack tool that exploits vulnerabilities in the WPS protocol to recover the WPA/WPA2 passphrase. It attempts to crack the 8-digit WPS PIN through systematic guessing.
Before using bully, network information must be gathered using tools like airmon-ng and airodump-ng to identify the target's MAC address and channel.

-b, --bssid mac

Target access point MAC address

Target wireless channel

Enable brute-force mode

Display help information

Only use on networks you own or have explicit authorization to test. WPS attacks are detectable and may trigger lockouts. Many modern routers have WPS protections that limit attack effectiveness. Unauthorized use is illegal.

reaver(1), airmon-ng(8), airodump-ng(8)