Skip to content
huitc edited this page Apr 13, 2019 · 1 revision
   .               .    
 .´  ·  .     .  ·  `.  wifite
 :  :  :  (¯)  :  :  :  automated wireless auditor
 `.  ·  ` /¯\ ´  ·  .´  https://github.com/derv82/wifite2
   `     /¯¯¯\     ´    

optional arguments:
  -h, --help             show this help message and exit

SETTINGS:
  -v, --verbose          Shows more options (-h -v). Prints commands and outputs. (default: quiet)
  -i [interface]         Wireless interface to use, e.g. wlan0mon (default: ask)
  -c [channel]           Wireless channel to scan (default: all 2Ghz channels)
  -5, --5ghz             Include 5Ghz channels (default: off)
  -mac, --random-mac     Randomize wireless card MAC address (default: off)
  -p [scan_time]         Pillage: Attack all targets after scan_time (seconds)
  --kill                 Kill processes that conflict with Airmon/Airodump (default: off)
  -b [bssid]             BSSID (e.g. AA:BB:CC:DD:EE:FF) of access point to attack
  -e [essid]             ESSID (e.g. NETGEAR07) of access point to attack
  -E [text]              Hides targets with ESSIDs that match the given text
  --clients-only         Only show targets that have associated clients (default: off)
  --showb                Show BSSIDs of targets while scanning
  --nodeauths            Passive mode: Never deauthenticates clients (default: deauth targets)
  --num-deauths [num]    Number of deauth packets to send (default: 1)

WEP:
  --wep                  Show only WEP-encrypted networks
  --require-fakeauth     Fails attacks if fake-auth fails (default: off)
  --keep-ivs             Retain .IVS files and reuse when cracking (default: off)
  --pps [pps]            Packets-per-second to replay (default: 600 pps)
  --wept [seconds]       Seconds to wait before failing (default: 600 sec)
  --wepca [ivs]          Start cracking at this many IVs (default: 10000 ivs)
  --weprs [seconds]      Restart aireplay if no new IVs appear (default: 11 sec)
  --weprc [seconds]      Restart aircrack after this delay (default: 30 sec)
  --arpreplay            Use ARP-replay WEP attack (default: on)
  --fragment             Use fragmentation WEP attack (default: on)
  --chopchop             Use chop-chop WEP attack (default: on)
  --caffelatte           Use caffe-latte WEP attack (default: on)
  --p0841                Use p0841 WEP attack (default: on)
  --hirte                Use hirte WEP attack (default: on)

WPA:
  --wpa                  Show only WPA-encrypted networks (includes WPS)
  --hs-dir [dir]         Directory to store handshake files (default: hs)
  --new-hs               Captures new handshakes, ignores existing handshakes in hs (default: off)
  --dict [file]          File containing passwords for cracking (default: /usr/share/dict/wordlist-top4800-probable.txt)
  --wpadt [seconds]      Time to wait between sending Deauths (default: 15 sec)
  --wpat [seconds]       Time to wait before failing WPA attack (default: 500 sec)

WPS:
  --wps                  Show only WPS-enabled networks
  --no-wps               Never use WPS PIN & Pixie-Dustattacks on targets (default: off)
  --wps-only             Only use WPS PIN & Pixie-Dust attacks (default: off)
  --pixie                Only use WPS Pixie-Dust attack (do not use PIN attack)
  --no-pixie             Never use WPS Pixie-Dust attack (use PIN attack)
  --bully                Use bully program for WPS PIN & Pixie-Dust attacks (default: reaver)
  --ignore-locks         Do not stop WPS PIN attack if AP becomes locked (default: stop)
  --wps-time [sec]       Total time to wait before failing PixieDust attack (default: 300 sec)
  --wps-fails [num]      Maximum number of WPSFail/NoAssoc errors before failing (default: 100)
  --wps-timeouts [num]   Maximum number of Timeouts before failing (default: 100)

PMKID:
  --pmkid                Only use PMKID capture, avoids other WPS & WPA attacks (default: off)
  --pmkid-timeout [sec]  Time to wait for PMKID capture (default: 30 seconds)

COMMANDS:
  --cracked              Print previously-cracked access points
  --check [file]         Check a .cap file (or all hs/*.cap files) for WPA handshakes
  --crack                Show commands to crack a captured handshake
Clone this wiki locally