fluxion

fluxion

--version
    Displays the version of fluxion.

--help
    Displays the help menu with available options.

Without arguments
    Runs fluxion in interactive mode, guiding the user through each step of the attack.

Fluxion is a security auditing and social engineering tool that automates the process of recovering WPA/WPA2 keys by performing a Man-in-the-Middle (MitM) attack. It essentially forces nearby wireless clients to disconnect from their legitimate access point (AP) and connect to a rogue AP controlled by the attacker. Once connected to the rogue AP, clients are presented with a fake login page, prompting them to enter their WiFi password. If the password entered matches the correct password, the attacker gains access to the real AP. The tool automates most of the steps involved in this attack, including handshake capture, deauthentication, rogue AP setup, and password verification.

It's important to remember that using Fluxion against networks you do not own or have explicit permission to test is illegal and unethical. It should only be used for authorized penetration testing or security auditing on networks you have permission to test.

Fluxion's success depends on various factors, including the signal strength of the target AP, the number of clients connected to the AP, the effectiveness of the deauthentication attack, and the user's awareness. Clients who are security-conscious may be less likely to fall for the fake login page. It is also detectable by security appliances.

It is crucial to emphasize that Fluxion, like any security tool, should only be used for ethical and legal purposes. Unauthorized use against networks or systems constitutes a serious crime with potentially severe consequences. Always obtain explicit permission before conducting any security assessments.

The Rogue AP used by Fluxion can be detected by network intrusion detection systems or by manually inspecting the BSSID and other parameters of the Wi-Fi network. Clients can also potentially detect the attack by noticing that the captive portal is not HTTPS, or that the certificate presented by the portal is invalid.

aircrack-ng(1), aireplay-ng(1), mdk3(1), hostapd(8), dnsmasq(8)