Skip to content

Referencia CLI

Jump to bottom
André Henrique edited this page Jun 8, 2026 · 1 revision

Idioma: Português (pt-BR) | English: CLI-Reference

Referência CLI

Referência completa de comandos para o shell interativo do WirelessXPL-Forge.

Comandos Principais

use <module>

Carrega um módulo pelo seu caminho completo.

wxf > use generic/wifi_lab/handshake_snooper
wxf (HandshakeSnooper) >

Autocompletar com Tab está disponível para caminhos de módulos.

show modules

Lista todos os módulos disponíveis.

wxf > show modules

Available modules (329+):

  generic/automotive/can_bus_attack
  generic/automotive/mercedes_mbux_bt_rce_cve_2023_37462
  generic/bluetooth/ble_btlejack
  generic/bluetooth/ble_crackle
  generic/bluetooth/ble_gatt_enum_unauth
  generic/bluetooth/ble_spoofing_impersonation
  generic/bluetooth/blueborne_attack
  generic/bluetooth/bt_baseband_attack
  generic/bluetooth/bt_hid_injection
  generic/bluetooth/bt_session_attack
  generic/bluetooth/knob_native_cve_2019_9506
  generic/bluetooth/sweyntooth/sweyntooth_cve_2019_16336
  generic/bluetooth/sweyntooth/sweyntooth_cve_2019_17517
  generic/bluetooth/sweyntooth/sweyntooth_scanner
  generic/cve/krack_attack
  generic/cve/pmkid_attack
  generic/cve/ssid_confusion
  generic/cve/zigbee_attack
  generic/drones/drone_scanner
  generic/drones/dji/dji_deauth
  generic/drones/dji/dji_quicktransfer_exfil_cve_2023_6951
  generic/drones/dji/dji_wifi_scan
  generic/drones/fpv/eachine_e52_tcp_takeover
  generic/drones/holystone/hsrid01_ble_dos_cve_2024_52876
  generic/drones/mavlink/mavlink_flood_dos
  generic/drones/mavlink/mavlink_force_disarm
  generic/drones/mavlink/mavlink_gps_spoof
  generic/drones/mavlink/mavlink_param_dump
  generic/drones/mavlink/mavlink_scanner
  generic/drones/mavlink/mavlink_waypoint_inject
  generic/drones/parrot/parrot_anafi_deauth_cve_2019_3944
  generic/evidence_vault/evidence_vault
  generic/external/airgeddon_bridge
  generic/external/bruce_serial_bridge
  generic/external/eaphammer_bridge
  generic/external/mdk4_bridge
  generic/external/wireless_tool_prereq_audit
  generic/external/wifiphisher_bridge
  generic/iot_proto/coap_resource_enum
  generic/iot_proto/mqtt_broker_enum_inject
  generic/lateral_iot/arp_spoof_iot_pivot
  generic/lorawan/lorawan_join_replay
  generic/maritime/ais_spoof
  generic/maritime/nmea_spoof
  generic/pcap/pcap_eapol_survey
  generic/pcap/pcap_handshake_extractor
  generic/pcap/pcap_pmkid_extractor
  generic/pcap/pcap_sql_workspace
  generic/session_manager/session_manager
  generic/subghz/br_gate_scanner
  generic/subghz/debruijn_bruteforce
  generic/subghz/ev1527_vehicle_cve_2025_70994
  generic/subghz/keeloq_decoder
  generic/subghz/keeloq_replay
  generic/subghz/static_code_replay
  generic/subghz/subghz_jammer
  generic/subghz/tools/ook_analyzer
  generic/subghz/tpms/tpms_decoder
  generic/subghz/tpms/tpms_spoof
  generic/vehicular_radar/fmcw_radar_attack
  generic/vehicular_radar/traffic_enforcement_scanner
  generic/wardrive/wardrive_logger
  generic/wearables/xiaomi_miband_ble_breakmi
  generic/wifi_lab/adaptive_harvest
  generic/wifi_lab/auth_flood
  generic/wifi_lab/beacon_flood
  generic/wifi_lab/captive_portal_modern_lab
  generic/wifi_lab/evil_twin_workflow
  generic/wifi_lab/fragattacks
  generic/wifi_lab/fragattacks/fragattacks_cve_2020_26140
  generic/wifi_lab/fragattacks/fragattacks_cve_2020_26141
  generic/wifi_lab/fragattacks/fragattacks_cve_2020_26143
  generic/wifi_lab/fragattacks/fragattacks_scanner
  generic/wifi_lab/gps_wardriving_ndjson
  generic/wifi_lab/handshake_snooper
  generic/wifi_lab/krack/krack_4way_retransmit
  generic/wifi_lab/krack/krack_group_key_retransmit
  generic/wifi_lab/krack/krack_scanner
  generic/wifi_lab/mitm_wifi_bridge
  generic/wifi_lab/momo_integrated_attack
  generic/wifi_lab/wardriving_deauth_loop
  generic/wifi_lab/wifi_kr00k_cve_2019_15126
  generic/wifi_lab/wifi_sniffer
  generic/wifi_lab/wireless_ids
  generic/wifi_lab/wpa3_attack_suite
  generic/wids/wifi_ids
  generic/zwave/zwave_replay_attack
  generic/zwave/zwave_s0_key_extract

show options

Exibe todas as opções do módulo carregado atualmente.

wxf (HandshakeSnooper) > show options

Module: generic/wifi_lab/handshake_snooper
Description: PMKID-first + deauth handshake capture pipeline

Options:
  Name             Current  Required  Description
  ----             -------  --------  -----------
  INTERFACE        wlan0mon yes       Monitor mode interface
  TARGET_BSSID              yes       Target AP BSSID (AA:BB:CC:DD:EE:FF)
  TARGET_ESSID              no        Target AP SSID (optional filter)
  CHANNEL          0        no        Lock to channel (0 = all)
  CAPTURE_FILE     /tmp/capture.pcap no  Output PCAP path
  PMKID_FIRST      true     no        Try PMKID capture before deauth
  DEAUTH_COUNT     5        no        Deauth frames to send
  TIMEOUT          60       no        Capture timeout in seconds
  SIMULATE         false    no        Dry-run without transmitting

set <OPT> <value>

Define o valor de uma opção.

wxf (HandshakeSnooper) > set INTERFACE wlan0mon
[*] INTERFACE => wlan0mon

wxf (HandshakeSnooper) > set TARGET_BSSID AA:BB:CC:DD:EE:FF
[*] TARGET_BSSID => AA:BB:CC:DD:EE:FF

unset <OPT>

Restaura uma opção ao seu valor padrão.

wxf (HandshakeSnooper) > unset CHANNEL
[*] CHANNEL reset to default (0)

check

Verifica se o alvo está acessível e potencialmente vulnerável antes de executar.

wxf (HandshakeSnooper) > check

[*] Checking target AA:BB:CC:DD:EE:FF...
[+] AP visible on channel 6 | RSSI: -58 dBm
[+] Security: WPA2-PSK (CCMP)
[+] PMKID available: yes
[*] Target appears reachable. Ready to run.

run

Executa o módulo carregado com as opções atuais.

wxf (HandshakeSnooper) > run

[*] Starting handshake capture on wlan0mon
[*] Target: AA:BB:CC:DD:EE:FF (HomeWifi) ch6
[*] Attempting PMKID capture...
[+] PMKID captured: 4d4f4e4f3a3a3a3a...
[*] Saving to /tmp/capture.pcap
[+] Capture complete. Use hashcat -m 22000 to crack.

back

Descarrega o módulo atual e retorna ao prompt principal.

wxf (HandshakeSnooper) > back
wxf >

search <keyword>

Busca módulos por nome, descrição ou tag de dispositivo.

wxf > search bluetooth

  generic/bluetooth/ble_btlejack           BTLEJack BLE sniff/jam/hijack
  generic/bluetooth/ble_crackle            BLE Legacy Pairing key recovery
  generic/bluetooth/ble_gatt_enum_unauth   BLE GATT enumeration without auth
  generic/bluetooth/blueborne_attack       BlueBorne L2CAP overflow
  generic/bluetooth/bt_hid_injection       Bluetooth HID keyboard injection
  generic/bluetooth/bt_session_attack      KNOB, BIAS, BLUFFS session attacks
  ...

wxf > search CVE-2020

  generic/wifi_lab/fragattacks/fragattacks_cve_2020_26140  Plaintext injection
  generic/wifi_lab/fragattacks/fragattacks_cve_2020_26141  Fragment cache abuse
  generic/wifi_lab/fragattacks/fragattacks_cve_2020_26143  Mixed fragment acceptance
  generic/iot_proto/mqtt_broker_dos                        CVE-2020-... DoS

wxf > search device=drone

  generic/drones/drone_scanner
  generic/drones/mavlink/mavlink_scanner
  generic/drones/dji/dji_wifi_scan
  ...

info

Exibe informações detalhadas do módulo, incluindo descrição, referências e opções.

wxf (HandshakeSnooper) > info

  Name:        HandshakeSnooper
  Module:      generic/wifi_lab/handshake_snooper
  Version:     1.8.0
  Author:      Andre Henrique (@mrhenrike)
  License:     BSD-3-Clause

  Description:
    PMKID-first capture pipeline. Attempts clientless PMKID capture;
    falls back to deauth-triggered 4-way EAPOL handshake if PMKID
    is unavailable. Outputs PCAP compatible with hashcat -m 22000.

  References:
    https://hashcat.net/forum/thread-7717.html
    https://www.aircrack-ng.org/

  Options:
    [see 'show options']

sessions

Lista todas as sessões de módulo ativas.

wxf > sessions

Active sessions:

  ID  Module                    Status    Started             Target
  --  ------                    ------    -------             ------
   1  wids/wifi_ids             running   2026-06-08 08:00    wlan0mon
   2  wardrive/wardrive_logger  running   2026-06-08 08:05    wlan0mon

wxf > sessions -i 1
[*] Interacting with session 1 (WirelessIDS)

exit

Encerra o framework.

wxf > exit
[*] Goodbye.

Opções Globais

Estas opções podem ser definidas no nível do framework e se aplicam a todos os módulos, salvo sobrescrita por módulo.

wxf > set LOGLEVEL debug
[*] LOGLEVEL => debug (verbose output enabled)

wxf > set TIMEOUT 10
[*] TIMEOUT => 10 (connection timeout in seconds)

wxf > set THREADS 4
[*] THREADS => 4 (parallel execution threads)

wxf > set SIMULATE true
[*] SIMULATE => true (all modules will dry-run by default)
Opção Padrão Descrição
LOGLEVEL info Verbosidade de log: debug, info, warning, error
TIMEOUT 30 Timeout de rede/captura em segundos
THREADS 2 Threads paralelas para módulos do tipo scan
SIMULATE false Flag global de simulação (sobrescreve SIMULATE por módulo)
OUTPUT_DIR /tmp Diretório de saída padrão para capturas e exportações
SESSION_ID `` Identificador para o Evidence Vault e Session Manager

Tipos de Opções de Módulo

Tipo Exemplo Descrição
String set INTERFACE wlan0mon Texto livre
Boolean set SIMULATE true true ou false
Integer set TIMEOUT 30 Valor numérico
Float set FREQUENCY 433.92 Número decimal
Hex set CODE 0xA3F21B Hexadecimal (prefixo 0x)
BSSID set TARGET_BSSID AA:BB:CC:DD:EE:FF Endereço MAC
CIDR set TARGET_CIDR 192.168.1.0/24 Faixa de rede
File set WORDLIST /usr/share/wordlists/rockyou.txt Caminho do sistema de arquivos

Autocompletar com Tab

O shell WXF suporta autocompletar com Tab para:

  • Caminhos de módulos após use
  • Nomes de opções após set e unset
  • Caminhos de módulos após search 
wxf > use generic/sub<TAB>
  generic/subghz/
wxf > use generic/subghz/<TAB>
  static_code_replay  debruijn_bruteforce  keeloq_decoder  keeloq_replay  ...

Próximo: Ataques Wi-Fi | Ataques Sub-GHz | Segurança de Drones

Autor: André Henrique (@mrhenrike) | União Geek

WirelessXPL-Forge v1.8.0

Home-pt-BR | Home

Português (pt-BR)

Primeiros Passos

Ataques Wireless

Drones e UAV

Protocolos Especializados

Ferramentas de Pentest

Hardware

Clone this wiki locally