• A successful attack in real-time

• • • mon-fix

This repo is a complete re-write of wifite and developed bynu11secur1ty, a Python script for auditing wireless networks.

w1fit3kAl1 runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

w1fit3kAl1 is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include:

1. WPS: The Offline Pixie-Dust attack
2. WPS: The Online Brute-Force PIN attack
3. WPA: The WPA Handshake Capture + offline crack.
4. WPA: The PMKID Hash Capture + offline crack.
5. WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.

Run w1fit3kAl1, select your targets, and w1fit3kAl1 will automatically start trying to capture or crack the password.

w1fit3kAl1 is designed specifically for the latest version of Kali Linux. ParrotSec is also supported.

Other pen-testing distributions (such as BackBox or Ubuntu) have outdated versions of the tools used by w1fit3kAl1. Do not expect support unless you are using the latest versions of the Required Tools, and also patched wireless drivers that support injection.

First and foremost, you will need a wireless card capable of "Monitor Mode" and packet injection (see this tutorial for checking if your wireless card is compatible and also this guide). There are many cheap wireless cards that plug into USB available from online stores.

Second, only the latest versions of these programs are supported and must be installed for w1fit3kAl1 to work properly:

Required:

• python: w1fit3kAl1 is compatible with both python2 and python3.
• iwconfig: For identifying wireless devices already in Monitor Mode.
• ifconfig: For starting/stopping wireless devices.
• Aircrack-ng suite, includes:
  • airmon-ng: For enumerating and enabling Monitor Mode on wireless devices.
  • aircrack-ng: For cracking WEP .cap files and WPA handshake captures.
  • aireplay-ng: For deauthing access points, replaying capture files, various WEP attacks.
  • airodump-ng: For target scanning & capture file generation.
  • packetforge-ng: For forging capture files.

Optional, but Recommended:

• tshark: For detecting WPS networks and inspecting handshake capture files.
• reaver: For WPS Pixie-Dust & brute-force attacks.
  • Note: Reaver's wash tool can be used to detect WPS networks if tshark is not found.
• bully: For WPS Pixie-Dust & brute-force attacks.
  • Alternative to Reaver. Specify --bully to use Bully instead of Reaver.
  • Bully is also used to fetch PSK if reaver cannot after cracking WPS PIN.
• coWPAtty: For detecting handshake captures.
• hashcat: For cracking PMKID hashes.
  • hcxdumptool: For capturing PMKID hashes.
  • hcxpcaptool: For converting PMKID packet captures into hashcat's format.

1. hcxdumptool:
apt install hcxdumptool

2. hcxpcaptool:
apt install hcxtools

3. https://github.com/nu11secur1ty/pyrit-installer

git clone https://github.com/nu11secur1ty/w1f1tEkal1.git
cd w1f1tEkal1
sudo ./w1fit3kAl1.py

• • • RECOMMENDED

python3 w1fit3kAl1.py --option

perl airmon/airmon.pl

To install onto your computer (so you can just run w1fit3kAl1 from any terminal), run:

sudo python3 setup.py install

• RECOMMENDED: Install locally and update it

git clone https://github.com/nu11secur1ty/w1f1tEkal1.git
python3 install_tools/update.py

This will install w1fit3kAl1 to /usr/sbin/w1fit3kAl1 which should be in your terminal path.

Note: Uninstalling is not as easy. The only way to uninstall is to record the files installed by the above command and remove those files:

sudo python3 setup.py install --record files.txt \
  && cat files.txt | xargs sudo rm \
  && rm -f files.txt

• PMKID hash capture (enabled by-default, force with: --pmkid)
• WPS Offline Brute-Force Attack aka "Pixie-Dust". (enabled by-default, force with: --wps-only --pixie)
• WPS Online Brute-Force Attack aka "PIN attack". (enabled by-default, force with: --wps-only --no-pixie)
• WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: --no-wps)
• Validates handshakes against tshark, cowpatty, and aircrack-ng (when available)
• Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
• Automatically decloaks hidden access points while scanning or attacking.
  • Note: Only works when channel is fixed. Use -c <channel>
  • Disable this using --no-deauths
• 5Ghz support for some wireless cards (via -5 switch).
  • Note: Some tools don't play well on 5GHz channels (e.g. aireplay-ng)
• Stores cracked passwords and handshakes to the current directory (--cracked)
  • Includes information about the cracked access point (Name, BSSID, Date, etc).
• Easy to try to crack handshakes or PMKID hashes against a wordlist (--crack)

• Less bugs
  • Cleaner process management. Does not leave processes running in the background (the old w1fit3kAl1 was bad about this).
  • No longer "one monolithic script". Has working unit tests. Pull requests are less-painful!
• Speed
  • Target access points are refreshed every second instead of every 5 seconds.
• Accuracy
  • Displays realtime Power level of currently-attacked target.
  • Displays more information during an attack (e.g. % during WEP chopchop attacks, Pixie-Dust step index, etc)
• Educational
  • The --verbose option (expandable to -vv or -vvv) shows which commands are executed & the output of those commands.
  • This can help debug why w1fit3kAl1 is not working for you. Or so you can learn how these tools are used.
• More-actively developed.
• Python 3 support.
• Sweet new ASCII banner.