Releases: StrongWind1/WEPWolf

v1.0.0

17 Jun 20:59
v1.0.0
d672469

First stable release.

Added

  • SKA bootstrap attack (ska): a captured Shared-Key auth handshake seeds the shared PTW vote over the BSSID's pool and the recovery is credited to SKA, so keys_by_ska now reflects handshake-bearing cracks. It runs first but only when a handshake is present, and it bootstraps the statistical search rather than being a standalone cipher break.

Changed

  • Parallel capture discovery -- a metadata-only directory walk followed by a parallel magic-filter, replacing the serial per-file open before ingest; traversal order is preserved, so the merged result stays deterministic.
  • Lower ingest-time peak memory -- a BSSID's WEP attack material is boxed and allocated only for WEP networks, so the WPA/open/unknown majority of records stay small.
  • Bounded diagnostics at scale -- --debug summarises the top WEP BSSIDs plus a one-line census and a periodic ingest heartbeat (not a line per BSSID or file); --log coalesces repeated identical events per file into a single count=N line.
  • WEP summary lists every network at or above the WEP-40 unique-IV feasibility floor (or cracked) and collapses the thin tail into a count.
  • Per-BSSID crack time -- the reported seconds value is the wall-clock time actually spent cracking a network, not the time elapsed since the start of the attack phase.
  • Fair per-attack scheduling -- the per-BSSID time budget is split into an equal slice per runnable statistical attack, so a slow earlier attack can no longer starve PTW/KoreK/FMS/bias of their turn.
  • --time-budget now defaults to 60s and bounds the statistical sweep and the brute grind alike; --time-budget 0 disables the cap (unlimited) for both.
  • Reuse the packet data buffer across reads during ingest, avoiding a heap allocation per packet.

See the CHANGELOG for full details.

Passive and offline: WEPWolf reads capture files only -- it never captures traffic, injects frames, or touches a radio.

v0.1.0

16 Jun 04:55
v0.1.0
fe17f50

WEPWolf is an offline, passive WEP key-recovery tool: point it at a pcap, pcapng, or gzip-compressed capture and it recovers the WEP key from the captured 802.11 traffic — no wordlist, no external cracker, no radio. It re-implements aircrack-ng's WEP attack family and every recovered key is differentially validated to match aircrack-ng on the captures in its test set. This is the first release.

Attacks

  • The full passive family — PTW (Klein plus a Maitra-Paul second vote), KoreK (17 weighted correlations with FSE-2013 a_opt weighting), and FMS.
  • The Sepehrdad "Smashing WEP" RC4-bias database (FSE 2013) — the complete bias table voted together, which aircrack-ng does not ship; it recovers a WEP-104 key from fewer packets than PTW alone.
  • Dictionary and weak-key generators — each word tried as a raw key, a hex key, and through the Neesus-Datacom (40-bit) and MD5 (104-bit) passphrase generators.
  • A gated 40-bit brute force as the last-resort fallback for thin captures.
  • One acceptance path — every candidate key is confirmed by RC4-decrypting real frames and checking the CRC-32 ICV. There is no heuristic acceptance anywhere in the codebase.
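The acceptance check in the last bullet, sketched as an added example (not WEPWolf's code): a candidate key is accepted only if RC4 over IV||key decrypts each frame body to data whose CRC-32 equals the trailing ICV. The function names, the two-frame minimum (`need`), and the sample key and frame bodies are assumptions constructed for illustration.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_seal(key: bytes, iv: bytes, key_id: int, plaintext: bytes) -> bytes:
    """Build a WEP frame body: IV(3) | KeyID(1) | RC4(IV||key, data | ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext))  # ICV is CRC-32, little-endian
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv)


def icv_ok(key: bytes, body: bytes) -> bool:
    """Decrypt one frame body with the candidate key and check the CRC-32 ICV."""
    if len(body) < 4 + 4:  # 4-byte IV/KeyID header plus 4-byte ICV is the minimum
        return False
    iv, ciphertext = body[:3], body[4:]
    clear = rc4(iv + key, ciphertext)
    data, icv = clear[:-4], clear[-4:]
    return struct.pack("<I", zlib.crc32(data)) == icv


def accept_key(key: bytes, bodies: list[bytes], need: int = 2) -> bool:
    """Accept only if at least `need` frames exist and every one verifies (assumed policy)."""
    return len(bodies) >= need and all(icv_ok(key, b) for b in bodies)


# Constructed sample data: a made-up WEP-40 key and three synthetic frame bodies.
SAMPLE_KEY = bytes.fromhex("0102030405")
SAMPLE_BODIES = [
    wep_seal(SAMPLE_KEY, bytes([n, 0x11, 0x22]), 0, b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + bytes([n]) * 20)
    for n in range(3)
]
```

A single frame passes a wrong key by chance with probability about 2^-32, which is why the sketch requires several frames to agree before accepting.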

Known-plaintext mining

  • Destination-driven — reads the cleartext 802.11 destination MAC to pick the right known plaintext per frame: IPv6 Neighbor Discovery (sixteen reliable octets, WEP-104 reach), EAPOL, and confirmed IPv4 multicast/broadcast (mDNS / SSDP / IGMP / DHCP). This recovers frames aircrack-ng's known_clear mis-keys.
  • WEP-104 from ordinary traffic — reconstructs known plaintext from the ARP and IPv4 headers, then pins the strong key octets and sweeps the weakest exhaustively.
  • Per-WEP-key-slot cracking — a multi-key access point (Key ID 0–3) yields a verified key per slot, where a single BSSID-keyed vote table reports at most one.

Performance

  • Parallel multi-file ingest — a directory of captures is parsed concurrently and merged deterministically; the result is byte-for-byte identical regardless of thread count, with peak memory bounded by the WEP material rather than the input size.
  • SIMD — PCLMULQDQ CRC-32 and a batched-RC4 known-plaintext prefilter for the brute kernel (about 4× the scalar grind), with runtime tier detection (SSE2 → AVX-512) and a byte-exact scalar fallback on every tier.
  • Sweep / grind scheduler — cheap attacks run BSSID-parallel, the 40-bit brute runs one network at a time on the full pool, and a key found on one network is reused against co-located access points that share it. A per-BSSID time budget (default 30 s) keeps one hard network from starving the run.

Output and interface

  • Three surfaces, the same information — a column-aligned table (default), --plain (tab-separated key / wep / stat records), and --json (typed NDJSON). Each carries the recovered keys, a WEP-BSSID summary (most IVs first), then a stats banner that accounts for every packet read.
  • aircrack-style flags: -b / -n / -f / -x / -c / -q / -w where they correspond.
  • More — live progress bars, a hashcat-style --potfile, frame carving (--carve) that collapses a multi-file capture set into one re-crackable pcap, and --debug "why uncracked" diagnostics.

Passive and offline only

WEPWolf reads capture files you already have on disk. It never captures traffic, injects frames, or touches a radio. WPA and active attacks are out of scope.

Install

Download the binary for your platform below and put it on your PATH (chmod +x on Linux/macOS). A macOS universal binary covering both architectures is included.

Platform                        Asset
Linux x86_64                    wepwolf-linux-x86_64 (static, musl)
Linux arm64                     wepwolf-linux-arm64 (static, musl)
macOS (Apple Silicon + Intel)   wepwolf-macos-universal
Windows x86_64                  wepwolf-windows-x86_64-msvc.exe
Windows arm64                   wepwolf-windows-arm64-msvc.exe

Verify

Every artifact is checksummed, the checksum file is cosign-signed (keyless), and each binary carries SLSA build provenance.

# checksums
sha256sum -c SHA256SUMS            # or: shasum -a 256 -c SHA256SUMS

# cosign signature on the checksum file (keyless)
# the identity regexp is anchored and the dot escaped so only this repository's workflow identities match
cosign verify-blob SHA256SUMS \
  --signature SHA256SUMS.sig \
  --certificate-identity-regexp '^https://github\.com/StrongWind1/WEPWolf/' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

# SLSA build provenance for a downloaded binary
gh attestation verify wepwolf-linux-x86_64 --repo StrongWind1/WEPWolf

Links