Introduction
Aircrack-ng is a network security toolkit focused on WiFi security assessment. It provides tools for packet capture, deauthentication testing, WEP/WPA cracking, and wireless network analysis. It is a standard tool in penetration testing distributions and is used by security professionals to audit the strength of wireless network configurations.
What Aircrack-ng Does
- Captures raw 802.11 frames in monitor mode for offline analysis
- Cracks WEP keys using statistical attacks on captured initialization vectors
- Recovers WPA/WPA2 pre-shared keys by testing captured handshakes against wordlists
- Tests network resilience with deauthentication and fake access point injection
- Analyzes packet captures for reconnaissance and traffic pattern identification
Architecture Overview
Aircrack-ng is written in C with a modular design where each tool handles a specific function. Airmon-ng manages monitor mode interfaces, airodump-ng captures packets, aireplay-ng injects frames, and aircrack-ng performs key recovery. The cracking engine uses optimized PBKDF2-SHA1 implementations with SIMD acceleration (SSE2, AVX2) for WPA key derivation. Tools communicate via standard pcap capture files.
Self-Hosting & Configuration
- Available in most Linux distribution repositories and included in Kali Linux
- Requires a wireless adapter with monitor mode and packet injection support
- Builds from source with autotools; optional hwloc for CPU topology awareness
- No configuration files; all options are passed via command-line flags
- Works on Linux, FreeBSD, macOS, and Windows (with limited driver support)
Key Features
- WPA/WPA2 PSK cracking with dictionary and brute-force attacks
- PMKID-based attack for clientless WPA handshake capture
- WEP cracking via FMS, KoreK, and PTW statistical attacks
- Packet injection for deauthentication, fake authentication, and replay
- Integration with GPU cracking via Hashcat for accelerated WPA recovery
Comparison with Similar Tools
- Bettercap — broader network MITM framework; Aircrack-ng is specialized for WiFi-layer attacks
- Kismet — passive wireless detection and monitoring; Aircrack-ng adds active attack capabilities
- Wifite — automated WiFi auditing wrapper around Aircrack-ng and other tools
- Hashcat — GPU-accelerated hash cracking; often used alongside Aircrack-ng for WPA key recovery
- Reaver — focused on WPS PIN brute-forcing; Aircrack-ng covers the broader WiFi assessment workflow
FAQ
Q: What wireless adapters work with Aircrack-ng? A: Adapters with chipsets supporting monitor mode and injection, such as Atheros AR9271, Ralink RT3070, and Realtek RTL8812AU, are commonly recommended.
Q: Can it crack WPA3? A: WPA3 uses Simultaneous Authentication of Equals (SAE), which resists offline dictionary attacks. Aircrack-ng's WPA cracking targets WPA/WPA2 PSK handshakes.
Q: Is monitor mode required? A: Most offensive features require monitor mode. Some analysis and cracking operations can work on previously captured pcap files without live hardware.
Q: How long does WPA cracking take? A: Speed depends on the wordlist size and hardware. CPU-based cracking processes thousands of keys per second; GPU-accelerated cracking via Hashcat reaches millions per second.
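To make the PBKDF2-SHA1 key derivation from the Architecture Overview and the speed answer above concrete, the following added example (not code from Aircrack-ng or its project) derives a WPA/WPA2 pairwise master key and estimates how long a passphrase policy holds up against exhaustive guessing. The policy table and the guess rates are assumptions chosen to match the orders of magnitude given in the FAQ, not benchmarks.

```python
import hashlib
import math

# WPA/WPA2-PSK (IEEE 802.11i): PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32)
PMK_ITERATIONS = 4096
PMK_LENGTH = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key for a passphrase/SSID pair."""
    pw = passphrase.encode("ascii")  # the standard limits passphrases to printable ASCII
    salt = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, PMK_ITERATIONS, PMK_LENGTH)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase a policy allows."""
    return alphabet_size ** length / guesses_per_second / (365.25 * 24 * 3600)


# Constructed policies and assumed guess rates (illustrative, not benchmarks).
POLICIES = {
    "8 digits": (10, 8),
    "8 lowercase letters": (26, 8),
    "12 mixed-case alphanumerics": (62, 12),
    "16 printable ASCII": (95, 16),
}
RATES = {"CPU (assumed 5e3/s)": 5e3, "GPU (assumed 1e6/s)": 1e6}

if __name__ == "__main__":
    # Known-answer check against the IEEE 802.11i test vector.
    print(derive_pmk("password", "IEEE").hex())
    # The SSID is the salt: one passphrase yields unrelated PMKs per network name.
    print(derive_pmk("password", "IEEE") != derive_pmk("password", "IEEE-guest"))
    for name, (alphabet, length) in POLICIES.items():
        bits = keyspace_bits(alphabet, length)
        for label, rate in RATES.items():
            print(f"{name:28} {bits:5.1f} bits  {label}: "
                  f"{years_to_exhaust(alphabet, length, rate):.3g} years")
```

The figures are upper bounds for randomly generated passphrases; a passphrase that appears in a wordlist falls far sooner, so when auditing a network treat length and randomness as the controls that matter.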