aircrack-ng

aircrack-ng provides a complete set of tools for 802.11 wireless network security assessment. The core aircrack-ng utility recovers WEP keys (40/104/256/512-bit) using optimized FMS attacks and PTW methods, while also supporting WPA/WPA2 cracking via dictionary attacks requiring 4-way handshakes. Supporting tools handle packet capture (airodump-ng), injection (aireplay-ng), monitor mode setup (airmon-ng), and visualization (airgraph-ng).

Use cases include wireless penetration testing, security auditing of enterprise WiFi deployments, educational demonstrations of 802.11 vulnerabilities, and red team operations targeting WPA networks with weak passphrases. The suite supports multi-processor optimization for faster cracking and integrates with databases like airolib-ng for precomputed PMK storage to accelerate repeated attacks.

It excels against legacy WEP networks through IV collection and statistical analysis but requires sufficient handshake captures for WPA-PSK brute-forcing. Tools like wpaclean filter captures for clean handshakes, while airdecap-ng decrypts traffic post-crack.

aircrack-ng suite operates on captured 802.11 frames in .cap/.pcap/.ivs formats. For WEP, it collects Initialization Vectors (IVs) and applies FMS/Korek/PTW statistical attacks to derive keystreams and recover keys via vote-based keybyte guessing. WPA-PSK mode requires a 4-way handshake (EAPOL messages), computes Pairwise Master Keys (PMKs) from passphrase+ESSID+nonce via PBKDF2-HMAC-SHA1, then tests against captured handshakes. Tools like aireplay-ng generate traffic/deauths for handshakes, airmon-ng enables monitor mode, airolib-ng precomputes PMK tables, and airgraph-ng visualizes AP-client graphs from CSV dumps.