Skip to content
new WPS attack tool
C Shell
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Sep 13, 2015
README.md readme fix Sep 13, 2015
install.sh Adding files Sep 13, 2015
penetrator.c fix deadlock when waiting for beacon and received other packet Sep 13, 2015

README.md

penetrator-wps

This is experimental tool that is capable of attacking multiple WPS-enabled wireless access points in real time.
It utilizes the pixie-dust attack every time it receives M3 message, unless it is disabled with -P
pixie-dust requires pixiewps to be installed.

#installation

First, you need packages libpcap-dev and libssl-dev, install them with apt-get or whatever your distro uses.
If you want the pixie-dust attack to work, you have to install pixiewps too.
Then, just run ./install.sh and run 'penetrator'

cmd options

-h Display help
-i Set monitor mode device to use
-s Scan for WPS enabled APs
-c Set channel(s)
-e Set ESSID for next target specified with -b
-b Set target(s)
-A Scan for WPS APs and try pixiedust on all of them;
-M Disable attacking multiple APs at once (only -A)
-P Disable pixiewps after M3 is received
-D Disable loading sessions - starts new
-W Wait after every PIN attempt
-v verbose - print info about WPS messages etc
-vv verbose level 2 - print pixiewps data
-t Set time limit for scanning (default 10)
-T Set timeout - when it occurs, resend last packet (default 1)
-R Set maximum resends (default 5)\n");
-S Sleep after 10 failures in a row (default 60)
-N Ignore NACKs (debug)

attack modes/examples

1. Adding targets manually<
This command will attack two APs on channel 1 at the same time, one has BSSID 11:22:33:44:55:66 and second has ESSID "example" and BSSID66:55:44:33:22:11
penetrator -i mon0 -c 1 -b 11:22:33:44:55:66 -e example -b 66:55:44:33:22:11

2. Attacking entire channel
This will scan for APs on channel 1 and attack them all at the same time
penetrator -i mon0 -c 1

3. Attacking all APs in range with pixiewps
This will scan all specified channels (or range 1-13 if nothing is specified) and will try pixie-dust attack on all of them.
There is a timeout of 1 minute for every channel, so if it fails to capture M3 message from some APs, it will just skip them.
By default, all APs on the same channel will be attacked at the same time, this can be disabled with -M
penetrator -i mon0 -A

You can’t perform that action at this time.