Aircrack-ng is a complete suite of tools to assess WiFi network security.
It focuses on different areas of WiFi security:
All tools are command-line, which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.
Aircrack-ng 1.4
It focuses a lot on code quality and adds a few visible features:
PMKID
On routers with 802.11i/p/r, the AP can cache an “ID” for the connection so roaming clients don’t have to waste frames reauthenticating and can just use the PMKID, which slightly decreases latency (from 6 frames to only 2).
The PMKID is calculated this way:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | BSSID | STA MAC)
A big advantage here is that this PMKID is present in the first EAPoL frame of the 4-way handshake.
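The calculation above, carried through as an added example (not code from Aircrack-ng or from the original post). It assumes WPA2-PSK, where the PMK is PBKDF2-HMAC-SHA1 of the passphrase salted with the SSID, and it assumes the PMKID arrives as an RSN key data element (type 0xdd, length 20, OUI 00-0f-ac, data type 4) in the first EAPoL frame. The function names, network name, MAC addresses and passphrase are constructed for illustration.

```python
import hashlib
import hmac

PMKID_KDE_PREFIX = bytes.fromhex("000fac04")  # RSN OUI 00-0f-ac, data type 4 = PMKID

def mac(text: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK PMK: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def compute_pmkid(pmk: bytes, bssid: bytes, sta_mac: bytes) -> bytes:
    """HMAC-SHA1-128(PMK, "PMK Name" | BSSID | STA MAC): first 128 bits of the MAC."""
    return hmac.new(pmk, b"PMK Name" + bssid + sta_mac, hashlib.sha1).digest()[:16]

def pmkid_for(passphrase: str, ssid: str, bssid: bytes, sta_mac: bytes) -> bytes:
    """Every input the PMKID depends on, in one call."""
    return compute_pmkid(derive_pmk(passphrase, ssid), bssid, sta_mac)

def extract_pmkid(key_data: bytes):
    """Walk the id/length/value elements of the key data and return the
    16-byte PMKID, or None if it is absent, truncated or all zero."""
    pos = 0
    while pos + 2 <= len(key_data):
        elem_id, length = key_data[pos], key_data[pos + 1]
        body = key_data[pos + 2 : pos + 2 + length]
        if len(body) < length:
            return None  # truncated element: stop instead of reading garbage
        if elem_id == 0xDD and length == 20 and body[:4] == PMKID_KDE_PREFIX:
            pmkid = body[4:]
            return pmkid if any(pmkid) else None  # all-zero value is unusable
        pos += 2 + length
    return None

# Constructed sample: an unrelated vendor element followed by a PMKID element.
SSID = "lab-net"
BSSID = mac("02:00:00:00:00:01")
STA = mac("02:00:00:00:00:02")
SAMPLE_PMKID = pmkid_for("correct horse battery", SSID, BSSID, STA)
SAMPLE_KEY_DATA = bytes.fromhex("dd0500000001ff") + b"\xdd\x14" + PMKID_KDE_PREFIX + SAMPLE_PMKID

if __name__ == "__main__":
    print("PMKID in key data:", extract_pmkid(SAMPLE_KEY_DATA).hex())
    print("same passphrase, other SSID:",
          pmkid_for("correct horse battery", "other-net", BSSID, STA).hex())
```

Because the SSID salts the PMK and both MAC addresses enter the HMAC, the same passphrase yields a different PMKID on every network and for every client.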
A few caveats about this attack:
When loading a PCAP, Aircrack-ng will detect if it contains a PMKID. In the following screenshot, it is present for the network ogogo; notice the “with PMKID” on the same line:
When selecting the network, it will use it as if it were a regular PCAP with a handshake (and thus the wordlist requirement applies).
If you’d like to test, two capture files with PMKID are available in the test files:
More info: <https://aircrack-ng.blogspot.com/2018/09/aircrack-ng-14.html>
Install
git clone https://github.com/aircrack-ng/aircrack-ng
cd aircrack-ng
./autogen.sh
make
make install
cd src/
aircrack-ng