A collection of awesome resources related to 802.11 security, tools and other things
edelahozuah Update
Added WPA3's SAE Handshake attack
Latest commit 11e0b66 Apr 10, 2019


A collection of (not-so, yet) awesome resources related to 802.11 security, tools and other things

Table of Contents

TKIP Security

Practical attacks against WEP and WPA (2008)

An Improved Attack on TKIP (2009)

Cryptanalysis of IEEE 802.11i TKIP

Enhanced TKIP Michael Attacks (2010)

Plaintext Recovery Attacks Against WPA/TKIP (2013)

Practical verification of WPA-TKIP vulnerabilities (2013)

On the security of RC4 in TLS (USENIX, 2013)

All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS (USENIX, 2015)

A Security Analysis of the WPA-TKIP and TLS Security Protocols (PhD Thesis, 2016)

Predicting and Abusing WPA2/802.11 Group Keys (2016)

WiFi Protected Setup (WPS)


Brute forcing Wi-Fi Protected Setup (2011)

An Investigation into the Wi-Fi Protected Setup PIN of the Linksys WRT160N v2 (2012)

Offline bruteforce attack on wifi protected setup (Pixie dust attack, 2014)


Pixiewps: An offline WPS bruteforce utility

Reaver-wps-fork-t6x: community edition of Reaver (which includes the Pixie Dust attack)

Bully: new implementation of the WPS brute force attack, written in C.

Online Cracking Services for PSK


Dragonblood: A Security Analysis of WPA3’s SAE Handshake (2019)



MITM Attack Model against eduroam (2013)

A Practical Investigation of Identity Theft Vulnerabilities in Eduroam (2015)

Server Certificate Practices in Eduroam (2015): Best practice document

Evil Twin Vulnerabilities in Wi-Fi Networks (Bachelor Thesis, 2016)

eduroam FreeRADIUS Docker

Authentication protocols that DO support hashed passwords (FreeRADIUS mailing list)

EAP-PWD: Extensible Authentication Protocol (EAP) Authentication Using Only a Password



Attacking automatic Wireless network selection (2005)

Why do Wi-Fi Clients disclose their PNL for Free Still Today? (2015)

Instant KARMA might still gets you (2015)

Evil Twin

Infernal twin

Evil Twin vulnerabilities in Wi-Fi networks (Master Thesis, 2016)

Wireless Routers

Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers (WOOT, 2015)

Keyspace List for WPA on Default Routers

Rogue AP


Manna from heaven: Improving the state of rogue AP attacks (2015):


hostapd-mana: hostapd with the attacks described in Defcon 22, and with the ability to rogue EAP access points.



Tracking unmodified smartphones using Wi-Fi monitors (2012)

Show me your SSIDs; I will show who you are (2012)

Signals from the Crowd: Uncovering Social Relationships through Smartphone Probe (2013, SIGCOM)

I know who you will meet this evening! Linking wireless devices using Wi-Fi probe requests (2012)

Is Your Android Device Telling the World Where You've Been? (2014)

How talkative is your mobile device?: an experimental study of Wi-Fi probe requests (2015)

MAC Address Randomization

Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms (2016)

A Study of MAC Address Randomization in Mobile Devices and When it Fails (2017)
