mdk3

mdk3 <interface> <mode> [mode_options]

b (Beacon Flood Mode)
    Floods the air with fake Wi-Fi beacons. Useful for creating confusion or advertising fake APs for honeypot purposes.
Common options: -f (load ESSIDs from a file), -g (generate random ESSIDs), -w (create WEP-encrypted beacons), -h (create hidden ESSIDs), -c (set channel).

a (Authentication Flood Mode)
    Floods a target access point with authentication requests. This can crash some APs or fill up their client tables.
Common options: -a (target BSSID), -m (load MACs from a file), -t (target specific client).

d (Deauthentication/Disassociation Flood Mode)
    Sends deauthentication or disassociation frames to specified clients, forcing them to disconnect from an access point. This is a common and effective DoS attack.
Common options: -a (target AP BSSID), -c (target client MAC address), -b (load blacklist of MACs to ignore).

p (Probe Request Flood Mode)
    Floods a target access point with probe requests. Useful for testing AP stability or generating traffic.
Common options: -e (ESSID to probe for), -r (probe request rate).

m (Exploit MDK3 modes)
    Tests various attacks and vulnerabilities in Wi-Fi infrastructure. This mode is more advanced and can vary in effectiveness.
Common options: -t (target BSSID), -r (replay rate).

w (WPA Handshake Capture Mode)
    Listens for WPA/WPA2 4-way handshakes to capture them for offline cracking. Often used in conjunction with deauthentication attacks to force handshakes.
Common options: -b (BSSID of target AP), -c (channel).

mdk3 is a command-line tool primarily used for wireless network penetration testing and denial-of-service (DoS) attacks. It leverages various techniques to disrupt Wi-Fi networks, test access point vulnerabilities, and generate large amounts of wireless traffic. Its capabilities include beacon flooding (creating fake access points), deauthentication/disassociation attacks (forcing clients off networks), brute-forcing hidden SSIDs, and various other jamming or flooding attacks. mdk3 requires a compatible wireless adapter that supports monitor mode and packet injection. Due to its powerful capabilities, it should only be used for legitimate security auditing purposes on networks you own or have explicit permission to test.

Using mdk3 can cause significant disruption to wireless networks. Its use on networks without explicit permission from the owner is illegal and unethical. Ensure your wireless adapter supports monitor mode and packet injection, as not all adapters are compatible. Development for mdk3 has been less active in recent years compared to other wireless tools.

To function correctly, mdk3 requires the wireless interface to be set into monitor mode. This is typically achieved using utilities like airmon-ng from the aircrack-ng suite, for example: airmon-ng start wlan0 which might create a monitor interface like wlan0mon or mon0.

mdk3 is a powerful tool designed for security auditing. Its misuse, such as performing DoS attacks on networks you do not own or have permission to test, is illegal and can lead to severe penalties. Always ensure you have explicit written consent before using mdk3 against any network.

mdk3 emerged as a prominent tool in the wireless penetration testing landscape, gaining popularity with older BackTrack Linux distributions (the predecessor to Kali Linux). It was developed by "Max_BC" and quickly became a staple for wireless security researchers due to its robust set of denial-of-service capabilities and frame injection attacks.

aircrack-ng(1), aireplay-ng(1), airodump-ng(1), airmon-ng(1), reaver(1), wash(1)