Request a Demo Contact Us
Bugcrowd Introduces Continuous Attack Surface Penetration Testing
Learn More

Aircrack-ng

Aircrack-ng is a software suite for analyzing and hacking WiFi networks. Aircrack-ng functionality includes:

  • Monitoring through packet capture and export of data to text files. 
  • Attacking through deauthentication or fake access points.
  • Testing by checking WiFi cards and driver capabilities.
  • Cracking various security standards such as WEP, WPA PSK (WPA 1 and 2).

Aircrack-ng is one of the penetration tester “tools of choice” available for cracking WEP and WPA-PSK in Windows. Aircrack-ng breaks WEP through the use of statistical mathematical analysis. Aircrack-ng breaks  WPA PSK and WPA2 using brute-force attack techniques against known passwords.

Aircrack-ng was initially released in 2006, and it was developed by a hacker known as Mister X. Aircrack-ng  was based on an earlier utility called Aircrack. As typical for many products, the “ng” in the name stands for next generation. 

Aircrack-ng is one of the penetration testing tools that are built into Kali Linux. Aircrack-ng is openly available for free, so selecting it is an easy decision. There are versions for Windows, Unix, Linux, and macOS. Sometimes users have noted that it might be difficult to install and get used to due to the lack of a graphic user interface. 

Aircrack-ng has been around for some time and uses a command-line interface. This may be cumbersome for some users, but once you get past the lack of a graphical user interface you can still successfully leverage the very substantial capability of Aircrack-ng.

Aircrack-ng Setup

This overview requires linux. The aircrack-ng.org website notes that a Windows version exists, but it is very difficult to use.

The setup really requires two basic steps before you start using the aircrack-ng suite:

  • Identifying the chipset in your wireless card; and,
  • Specifying which of the three options you will use to run the aircrack-ng suite.

You must identify the chipset which your current wireless card contains. Even for supported chipsets, some of the functions may not work completely as expected. Once you have determined the chipset in your wireless card then you must determine if the chipset is compatible with the aircrack-ng suite. Then you will know which software drives are compatible with the particular wireless card. 

There are generally two manufacturers involved with wireless cards. The first is the brand of the card itself. The second manufacturer is the one that makes the wireless chipset within the card. It is very important to know the wireless chipset manufacturer. Then you can determine which operating systems are supported, which software drivers are required, and any limitations associated with them. 

There are a large number of linux distributions available that will support the aircrack-ng suite.

Components of Aircrack-ng

Aircrack-ng is composed of several individual utilities. Some of these are highlighted here:

  • Airbase-ng implements attacks on wireless clients. This tool incorporates handshake capture, packet manipulation, and traffic injection attacks as well as others.
  • Airdecap-ng is a decryption tool that works on files with a known decryption key.
  • Makeivs-ng creates an IVS file, given a WEP key, for use in test scenarios.
  • Packetforge-ng encrypts packets that follow the encryption system used in a stream and transmits those packets.
  • Tkiptun-ng uses QoS channels to inject a small number of frames into a WPA TKIP-guarded network.
  • Wesside-ng is the central cracking module that determines the encryption key needed to access a WEP-protected network.
  • Airdecloak-ng removes WEP cloaking from a pcap file.
  • Aireplay-ng is a packet injector that enables the user to send packets out onto the network.
  • Airmon-ng manages the network card.
  • Airodump-ng module is a pcap processor that transfers read-in packets into pcap or IVS format. Then airodump-ng writes them to a file. 
  • Airolib-ng manages lists of ESSIDs and passwords for use in encryption and authentication/credentials cracking.
  • Airserv-ng allows access to the wireless NIC from other computers.
  • Airtun-ng is a tunneling system for wireless transmissions. Note this only works on linux.
  • Buddy-ng is a receiver program that works with easside-ng. 
  • Easside-ng sends out transmissions over a WEP network without using the encryption system of the network. 
  • Kstats shows the FMS algorithm votes for an IVS dump. 
  • Aircrack-ng is the primary core module which cracks both WEP and WPA  encryption keys.

Aircrack-ng documentation

Please refer to the Aircrack-ng website for complete and up-to-date documentation.

Competitive positioning

There exist a multitude of alternatives to Aircrack-ng. They include:

  • Trackerjacker;
  • EAPHammer; 
  • Wifiphisher;
  • Wireshark;
  • Airgeddon; and, 
  • Acrylic WiFi.

Want to learn more?

Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help!

Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.

Get started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.