WiFite is an automated wireless auditing tool for wireless penetration testing. It comes preinstalled on both Kali and BackTrack 5.

Features of WiFite

  • sorts targets by signal strength (in dB); cracks closest access points first
  • automatically de-authenticates clients of hidden networks to reveal SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, etc)
  • “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all captured WPA handshakes are backed up to wifite.py’s current directory
  • smart WPA de-authentication; cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to cracked.txt
  • built-in updater: ./wifite.py -upgrade
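
The deauthentication behaviour listed above (cycling between individual clients and broadcast) leaves a recognisable pattern on the air that a monitoring sensor can flag. The following Python is an added example, not part of WiFite or the original page; the record layout, thresholds, function name and MAC addresses are constructed assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample records: (seconds, frame subtype, source/BSSID, destination).
# A real sensor would decode these fields from its own monitor-mode captures.
SAMPLE_FRAMES = [
    (0.0, "beacon", "aa:bb:cc:00:00:01", BROADCAST),
    (1.0, "deauth", "aa:bb:cc:00:00:01", BROADCAST),
    (1.2, "deauth", "aa:bb:cc:00:00:01", "02:00:00:00:00:10"),
    (1.4, "deauth", "aa:bb:cc:00:00:01", "02:00:00:00:00:11"),
    (1.6, "deauth", "aa:bb:cc:00:00:01", BROADCAST),
    (1.8, "deauth", "aa:bb:cc:00:00:01", "02:00:00:00:00:10"),
    (40.0, "deauth", "aa:bb:cc:00:00:02", "02:00:00:00:00:20"),  # single, routine
]

def find_deauth_cycling(frames, window=10.0, min_frames=4, min_clients=2):
    """Return {bssid: (frame_count, client_count)} for BSSIDs whose deauths
    hit broadcast AND several distinct clients inside one sliding window."""
    by_bssid = defaultdict(list)
    for ts, subtype, src, dst in frames:
        if subtype == "deauth":
            by_bssid[src].append((ts, dst.lower()))
    alerts = {}
    for bssid, events in by_bssid.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the window spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            dsts = [d for _, d in events[start:end + 1]]
            clients = {d for d in dsts if d != BROADCAST}
            if (len(dsts) >= min_frames and BROADCAST in dsts
                    and len(clients) >= min_clients):
                # Keep the largest burst seen for this BSSID.
                best = alerts.get(bssid, (0, 0))
                alerts[bssid] = max(best, (len(dsts), len(clients)))
    return alerts

if __name__ == "__main__":
    for bssid, (count, clients) in find_deauth_cycling(SAMPLE_FRAMES).items():
        print(f"{bssid}: {count} deauths, {clients} clients + broadcast")
```

Networks that enable 802.11w (Protected Management Frames) make clients ignore unauthenticated deauth frames, so an alert like this is most useful on networks where PMF is not yet enforced.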

Run WiFite

For Kali users

wifite

If you are on BackTrack, use the following commands

cd /pentest/wireless/wifite
./wifite.py

This will automatically scan and list all the access points available around you, sorted by signal strength.

WiFite – All WiFi networks in range

Press Ctrl + C to stop scanning.

Attack

Choose a target and note its number, listed in the NUM column on the far left, then enter that number.

WiFite – Cracking selected target

Now sit back, relax, and wait for the attack to complete. 😛
Generally, it takes around 5-10 minutes, but sometimes it may take up to 15-20 minutes. If it takes longer than that, restart WiFite and repeat the process.

When the process completes, WiFite displays the password (also saved to a log file). You now have access to that network.

Some other WiFite Commands

To crack all WEP access points:

wifite -all -wep

To crack all WEP access points with signal strength greater than (or equal to) 50dB:

wifite -p 50 -wep

To attempt to crack WEP-encrypted access point “01ONOFF” endlessly (program will not stop until key is cracked or user interrupts with ^C):

wifite -e "01ONOFF" -wepw 0

To see the entire list of available commands, type the following command:

wifite -help