fluxion

fluxion [-h | --help] [-l | --lang <language>] [--root] [--no-update] [--no-colors] [--attack <attack>] [--essid <essid>] [--bssid <bssid>] [--iface <iface>] [--check] [--install]

-h, --help
    Display usage information and exit

-l, --lang <language>
    Set interface language (e.g., en, es, fr)

--root
    Force root privileges check

--no-update
    Skip automatic update check

--no-colors
    Disable colored output

--attack <attack>
    Select attack mode by number (1-5) or name

--essid <essid>
    Specify target network ESSID

--bssid <bssid>
    Specify target network BSSID

--iface <iface>
    Select wireless interface manually

--check
    Verify system requirements and dependencies

--install
    Launch interactive installer for prerequisites

Fluxion is an open-source bash script suite for Linux that automates evil twin access point attacks to capture WPA/WPA2 WiFi passwords. It scans for nearby networks, creates a rogue AP mimicking the target, deauthenticates clients using aireplay-ng, and serves a fake captive portal prompting users to enter credentials.

The tool integrates hostapd for the AP, dnsmasq for DHCP/DNS, and other aircrack-ng utilities. Attack modes include basic deauth, handshake capture with password prompt, and advanced options like URL spoofing. Users select targets interactively via menu or specify via CLI.

Primarily for penetration testing and security audits, it requires a compatible wireless adapter supporting monitor mode and packet injection. Commonly run on Kali Linux with root privileges. Fluxion supports multiple languages and includes an installer for dependencies.

While effective against non-technical users, success depends on hardware, signal strength, and client behavior. Always obtain authorization before use to comply with laws.

Requires root access and wireless card with monitor/injection support.
Legal use only: unauthorized WiFi attacks are illegal.
May fail on modern clients with PMF or non-interactive reconnections.
Test in isolated environments to avoid interference.

Linux with bash; wireless adapter (e.g., Alfa AWUS036N); aircrack-ng suite; hostapd; dnsmasq. Kali/Parrot OS recommended.
git clone https://github.com/FluxionNetwork/fluxion

1: Classic (handshake + prompt)
2: FakeAP (no deauth)
3: Evil Portal
4: Handshake Snooper
5: Killer (combined)

Developed by whiteeagle in 2015 as an evolution of Linset/Wifiphisher. Maintained by FluxionNetwork on GitHub since 2016, with 10+ major releases adding SSL stripping, multi-language support, and Android compatibility. Over 5k stars, used in CTFs and pentests.

airmon-ng(8), airodump-ng(8), aireplay-ng(8), hostapd(8), dnsmasq(8)