What is Airgeddon?
Airgeddon is a multi-use bash script that wraps the entire aircrack-ng suite and several other wireless tools into a single numbered interactive menu. Instead of memorizing individual commands for monitor mode, deauth attacks, handshake capture, and Evil Twin setups, Airgeddon guides you step-by-step through each attack. It automatically checks for and installs missing dependencies, handles interface management, and chains complex multi-tool workflows — making it one of the most beginner-accessible wireless auditing frameworks available, while still covering advanced attack types used by experienced testers.
Only use on systems you own or have explicit written permission to test. Unauthorized use violates Pakistan's PECA 2016 and international cybercrime laws.
Installation
    # Update packages
    sudo apt update

    # Install Airgeddon
    sudo apt install airgeddon -y

    # OR clone from GitHub (latest version)
    git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git
    cd airgeddon
    sudo bash airgeddon.sh

    # Airgeddon auto-checks and prompts to install missing tools on launch
Basic Usage
Airgeddon is entirely menu-driven — there are no flags to memorize. Launch it and follow the numbered prompts.
    # Launch Airgeddon (must run as root)
    sudo bash airgeddon.sh

    # On startup, Airgeddon will:
    # 1. Check all tool dependencies (aircrack-ng, hostapd, dnsmasq, etc.)
    # 2. Prompt to install any missing ones
    # 3. Ask you to select a wireless interface
    # 4. Display the main menu

    # Main menu options include:
    # [2] Put interface in monitor mode
    # [3] Put interface in managed mode
    # [4] DoS attacks menu (deauth / beacon flood / PMKID)
    # [5] Handshake / PMKID tools menu
    # [6] Offline WPA/WPA2 decrypt menu
    # [7] Evil Twin attacks menu
    # [8] WPS attacks menu
    # [9] WEP attacks menu
Key Attack Modules
- DoS / Deauth — Disconnect clients from a target AP using deauthentication frames
- Handshake Capture — Capture WPA/WPA2 4-way handshakes triggered by deauth
- PMKID Attack — Clientless WPA2 attack — no handshake needed, works offline
- Offline Cracking — Crack captured handshakes using wordlists via aircrack-ng or hashcat
- Evil Twin — Rogue AP cloning the target SSID; captures credentials via captive portal
- WPS Attacks — Pixie Dust and PIN brute-force against WPS-enabled routers via reaver
- WEP Attacks — Full WEP cracking workflow (ARP replay, fragmentation, chopchop)
- Enterprise Attacks — Fake RADIUS server to capture enterprise WPA credentials
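A defender's view of the Evil Twin and DoS / Deauth modules listed above, as an added example that is not part of Airgeddon or of the original page: it checks observed beacons against an inventory of owned access points and counts deauthentication frames per BSSID in a sliding window. The SSID, BSSIDs, sample observations, and the 20-frames-in-5-seconds threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of the APs the defender operates: SSID -> {BSSID: encryption}.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"}}

# Constructed beacon observations: (ssid, bssid, encryption).
BEACONS = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),    # legitimate AP
    ("CorpWiFi", "de:ad:be:ef:00:99", "OPEN"),    # cloned SSID on an unknown radio
    ("CorpWiFi", "aa:bb:cc:00:00:02", "OPEN"),    # known BSSID, downgraded security
    ("CoffeeShop", "11:22:33:44:55:66", "OPEN"),  # unrelated network, out of scope
]

# Constructed deauth frame log: (timestamp in seconds, BSSID named in the frame).
DEAUTHS = [(t / 10, "aa:bb:cc:00:00:01") for t in range(40)] + [(30.0, "aa:bb:cc:00:00:02")]

def find_rogue_aps(beacons, known_aps):
    """Flag beacons that reuse a protected SSID with an unknown BSSID or changed encryption."""
    alerts = []
    for ssid, bssid, enc in beacons:
        if ssid not in known_aps:
            continue  # only SSIDs in the inventory are judged
        expected = known_aps[ssid].get(bssid.lower())
        if expected is None:
            alerts.append((ssid, bssid, "unknown BSSID"))
        elif enc != expected:
            alerts.append((ssid, bssid, f"encryption {enc}, expected {expected}"))
    return alerts

def find_deauth_bursts(frames, window=5.0, threshold=20):
    """Return BSSIDs with more than `threshold` deauth frames inside any `window` seconds."""
    by_bssid = defaultdict(list)
    for ts, bssid in frames:
        by_bssid[bssid].append(ts)
    flagged = set()
    for bssid, times in by_bssid.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1  # slide the window's left edge forward
            if end - start + 1 > threshold:
                flagged.add(bssid)
                break
    return flagged

if __name__ == "__main__":
    print("rogue APs:", find_rogue_aps(BEACONS, KNOWN_APS))
    print("deauth bursts:", sorted(find_deauth_bursts(DEAUTHS)))
```

A deauth burst against a known BSSID that coincides with a new, unencrypted beacon for the same SSID is the combination worth alerting on, since the module list above describes handshake capture and Evil Twin as both relying on forced disconnects.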
Common Use Cases
- Authorized wireless security audits of home and enterprise networks
- CTF (Capture The Flag) competitions with wireless challenges
- Learning wireless attack concepts through a guided interface
- Internal red team wireless assessments
Tips & Best Practices
Airgeddon requires a wireless adapter that supports monitor mode and packet injection — built-in laptop adapters usually do not. Commonly recommended adapters include the Alfa AWUS036ACH and AWUS036NHA. Before running Evil Twin attacks, ensure you have a DHCP server and DNS configured — Airgeddon handles this automatically via dnsmasq and hostapd, but the target network must be within range throughout the attack.
Practice on legal targets like TryHackMe, HackTheBox, or hackzia.site labs before using in live engagements.