> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# air-hammer

> WPA Enterprise online brute force tool: tests credentials directly against a live 802.1X access point.

## Overview

air-hammer performs online brute force and password spraying against WPA Enterprise networks. It requires a known username (with domain prefix) and tests passwords one by one against the live AP.

Used when a valid domain username is already known (from EAP identity capture or other recon) and the goal is to recover their password.

***

## Install

```bash theme={"dark"}
git clone https://github.com/Wh1t3Rh1n0/air-hammer.git
cd air-hammer
# no requirements.txt — the only dependency is wpa_supplicant
pip3 install wpa_supplicant
```

***

## Usage

```
./air-hammer.py [options]
```

***

## Common Flags

| Flag            | Description                               |
| --------------- | ----------------------------------------- |
| `-i <iface>`    | Wireless interface (managed mode)         |
| `-e <SSID>`     | Target network SSID                       |
| `-u <file>`     | Username file (one per line, with domain) |
| `-p <file>`     | Password wordlist                         |
| `-P <password>` | Single password (for spray)               |

***

## Brute Force Known Username

```bash theme={"dark"}
echo 'DOMAIN\username' > target.user
./air-hammer.py -i wlan1 -e <SSID> -p ~/rockyou-top100000.txt -u target.user
```

***

## Password Spray

Test one password across many usernames, useful to avoid lockouts:

```bash theme={"dark"}
# Prepend domain to each username
cat ~/usernames.txt | awk '{print "DOMAIN\\" $1}' > ~/domain-users.txt

./air-hammer.py -i wlan1 -e <SSID> -P <PASSWORD> -u ~/domain-users.txt
```
