Aircrack-ng

User Tools

Site Tools

Trace:
aircrack-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
aircrack-ng [2018/07/11 20:30] – [Usage] Updated mister_xaircrack-ng [2018/07/11 20:52] – Reorganized options mister_x
Line 87: Line 87:
 You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding.  See [[aircrack-ng#other_tips|Other Tips]] for examples.  Also, you can run both [[airodump-ng]] and aircrack-ng at the same time: aircrack-ng will auto-update when new IVs are available. You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding.  See [[aircrack-ng#other_tips|Other Tips]] for examples.  Also, you can run both [[airodump-ng]] and aircrack-ng at the same time: aircrack-ng will auto-update when new IVs are available.
  
-Here's a summary of all available options:+=== Options === 
 +== Common options ==
  
 ^Option^Param.^Description^ ^Option^Param.^Description^
Line 97: Line 98:
 |-C|MACs|Long version - -combine.  Merge the given APs (separated by a comma) into virtual one.| |-C|MACs|Long version - -combine.  Merge the given APs (separated by a comma) into virtual one.|
 |-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.| |-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.|
 +
 +== Static WEP cracking options ==
 +
 +^Option^Param.^Description^
 |-c|//none//|(WEP cracking) Restrict the search space to alpha-numeric characters only (0x20 - 0x7F).| |-c|//none//|(WEP cracking) Restrict the search space to alpha-numeric characters only (0x20 - 0x7F).|
 |-t|//none//|(WEP cracking) Restrict the search space to binary coded decimal hex characters.| |-t|//none//|(WEP cracking) Restrict the search space to binary coded decimal hex characters.|
Line 105: Line 110:
 |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.| |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.|
 |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.| |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.|
-|-H|//none//|Long version - -help.  Output help information.| 
-|-K|//none//|Invokes the Korek WEP cracking method. (Default in v0.x)| 
 |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.| |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.|
-|-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.| 
-|-r|database|Utilizes a database generated by airolib-ng as input to determine the WPA key.  Outputs an error message if aircrack-ng has not been compiled with sqlite support.| 
 |-x/-x0|//none//|(WEP cracking) Disable last keybytes brutforce.| |-x/-x0|//none//|(WEP cracking) Disable last keybytes brutforce.|
 |-x1|//none//|(WEP cracking) Enable last keybyte bruteforcing (default).| |-x1|//none//|(WEP cracking) Enable last keybyte bruteforcing (default).|
 |-x2|//none//|(WEP cracking) Enable last two keybytes bruteforcing.| |-x2|//none//|(WEP cracking) Enable last two keybytes bruteforcing.|
 |-X|//none//|(WEP cracking) Disable bruteforce multithreading (SMP only).| |-X|//none//|(WEP cracking) Disable bruteforce multithreading (SMP only).|
 +|-s|//none//|Show the key in ASCII while cracking|
 |-y|//none//|(WEP cracking) Experimental single bruteforce attack which should only be used when the standard attack mode fails with more than one million IVs| |-y|//none//|(WEP cracking) Experimental single bruteforce attack which should only be used when the standard attack mode fails with more than one million IVs|
-|-u|//none//|Long form - -cpu-detect.  Provide information on the number of CPUs and MMX support.  Example responses to "aircrack-ng - -cpu-detect" are "Nb CPU detected: 2" or "Nb CPU detected: 1  (MMX available)".| +|-z|//none//|Invokes the PTW WEP cracking method (Default in v1.x)|
-|-w|words|(WPA cracking) Path to a wordlist or "-" without the quotes for standard in (stdin).| +
-|-z|//none//|Invokes the PTW WEP cracking method(Default in v1.x)|+
 |-P|number|Long version - -ptw-debug.  Invokes the PTW debug mode: 1 Disable klein, 2 PTW.| |-P|number|Long version - -ptw-debug.  Invokes the PTW debug mode: 1 Disable klein, 2 PTW.|
-|-K|//none//|Use KoreK attacks instead of PTW.|+|-K|//none//|Invokes the Korek WEP cracking method(Default in v0.x)|
 |-D|//none//|Long version - -wep-decloak.  Run in WEP decloak mode.| |-D|//none//|Long version - -wep-decloak.  Run in WEP decloak mode.|
-|-V|//none//|Long version - -visual-inspection.  Run in visual inspection mode.| 
 |-1|//none//|Long version - -oneshot.  Run only 1 try to crack key with PTW.| |-1|//none//|Long version - -oneshot.  Run only 1 try to crack key with PTW.|
 |-M|number|(WEP cracking) Specify the maximum number of IVs to use.| |-M|number|(WEP cracking) Specify the maximum number of IVs to use.|
-|-S|//none//|WPA cracking speed test.| +|-V|//none//|Long version - -visual-inspection.  Run in visual inspection mode.| 
-|-Z|sec|WPA cracking speed test execution length in seconds.| + 
-|-s|//none//|Show the key in ASCII while cracking|+== WEP and WPA-PSK cracking options == 
 + 
 +^Option^Param.^Description^ 
 +|-w|words|(WPA cracking) Path to a wordlist or "-" without the quotes for standard in (stdin).|
 |-N|file|Create a new cracking session and save it to the specified file.| |-N|file|Create a new cracking session and save it to the specified file.|
 |-R|file|Restore cracking session from the specified file.| |-R|file|Restore cracking session from the specified file.|
 +
 +== WPA-PSK options ==
 +
 +^Option^Param.^Description^
 |-E|file>|(WPA cracking) Create EWSA Project file v3.| |-E|file>|(WPA cracking) Create EWSA Project file v3.|
-|-J|file|(WPA cracking) Create Hashcat Capture file.| 
 |-j|file|(WPA cracking) Create Hashcat v3.6+ Capture file (HCCAPX).| |-j|file|(WPA cracking) Create Hashcat v3.6+ Capture file (HCCAPX).|
 +|-J|file|(WPA cracking) Create Hashcat Capture file.|
 +|-S|//none//|WPA cracking speed test.|
 +|-Z|sec|WPA cracking speed test execution length in seconds.|
 +|-r|database|Utilizes a database generated by airolib-ng as input to determine the WPA key.  Outputs an error message if aircrack-ng has not been compiled with sqlite support.|
 +
 +== SIMD Selection ==
 +
 +^Option^Param.^Description^
 |--simd|optimization|Use user-specified SIMD optimization instead of the fastest one.| |--simd|optimization|Use user-specified SIMD optimization instead of the fastest one.|
 |--simd-list|//none//|Shows a list of the SIMD optimizations available.| |--simd-list|//none//|Shows a list of the SIMD optimizations available.|
 +
 +== Other options ==
 +
 +^Option^Param.^Description^
 +|-H|//none//|Long version - -help.  Output help information.|
 +|-u|//none//|Long form - -cpu-detect.  Provide information on the number of CPUs and MMX support.  Example responses to "aircrack-ng - -cpu-detect" are "Nb CPU detected: 2" or "Nb CPU detected: 1  (MMX available)".|
 +
 ===== Usage Examples ===== ===== Usage Examples =====
 ==== WEP ==== ==== WEP ====
aircrack-ng.txt · Last modified: 2019/09/18 22:39 by mister_x