Overview
mdk4 is a frame injection tool for 802.11 networks. In wireless pentesting it is primarily used to brute force hidden SSIDs by sending probe requests with each name from a wordlist until the AP responds.
Install
Usage
mdk4 <interface> <mode> [options]
Modes
| Mode | Description |
|---|---|
| b | Beacon flooding: spam fake APs |
| d | Deauthentication / disassociation flood |
| p | SSID probing and brute force |
| e | Michael shutdown exploitation (TKIP) |
| s | WPA handshake capture via deauth |
| a | 802.1X authentication flood |
| f | Packet fuzzer |
SSID Brute Force (Mode p)
Used to discover hidden SSIDs when no connected client is available to reveal the name via probe responses.
mdk4 <interface> p [options]
| Flag | Description |
|---|---|
| -t <BSSID> | Target AP MAC address |
| -f <wordlist> | Wordlist of SSIDs to probe |
| -b <char> | Use character set for brute force |
| -e <SSID> | Try exact SSID |
Example, brute force with prefixed wordlist:
# Build prefixed wordlist
cat ~/rockyou-top100000.txt | awk '{print "wifi-" $1}' > ~/wifi-wordlist.txt
# Lock interface to target channel first
sudo iwconfig wlan0mon channel 11
# Launch probe brute force
mdk4 wlan0mon p -t <BSSID> -f ~/wifi-wordlist.txt
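Seen from the monitoring side, the probing described above shows up as one transmitter sending directed probe requests for many different SSIDs in a short time. The following is an added detection example, not part of mdk4 or its documentation; the record layout, MAC addresses, window and threshold are assumptions, and it assumes the sender's MAC stays constant.

```python
from collections import Counter, defaultdict, deque

def detect_ssid_bruteforce(frames, window=10.0, min_ssids=20):
    """Flag transmitters sending directed probe requests for many distinct
    SSIDs within `window` seconds. Returns {src_mac: peak distinct SSIDs}."""
    recent = defaultdict(deque)    # src -> (time, ssid) still inside the window
    counts = defaultdict(Counter)  # src -> ssid -> occurrences inside the window
    alerts = {}
    for ts, src, ftype, ssid in sorted(frames):
        # Wildcard probes carry an empty SSID and are normal client scanning.
        if ftype != "probe-req" or not ssid:
            continue
        q, c = recent[src], counts[src]
        q.append((ts, ssid))
        c[ssid] += 1
        while ts - q[0][0] > window:   # expire entries older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= min_ssids:
            alerts[src] = max(alerts.get(src, 0), len(c))
    return alerts

def sample_frames():
    """Constructed records (time_s, src_mac, frame_type, ssid), not a real capture."""
    frames = []
    # Ordinary client: wildcard scans plus a few saved networks every 30 s.
    for i in range(5):
        t = 30.0 * i
        frames.append((t, "02:00:00:00:00:01", "probe-req", ""))
        for name in ("home", "office", "cafe"):
            frames.append((t + 0.2, "02:00:00:00:00:01", "probe-req", name))
    # Wordlist-style sender: 40 different names in under 4 s.
    for i in range(40):
        frames.append((100.0 + 0.1 * i, "02:00:00:00:00:aa", "probe-req", f"wifi-{i:04d}"))
    frames.append((101.0, "02:00:00:00:00:02", "beacon", "guest"))
    return frames

if __name__ == "__main__":
    for mac, peak in detect_ssid_bruteforce(sample_frames()).items():
        print(f"possible SSID brute force from {mac}: {peak} distinct SSIDs in 10 s")
```

Tune `window` and `min_ssids` against a baseline of normal client scanning on the monitored site before alerting on the result.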
Deauthentication Flood (Mode d)
mdk4 <interface> d [options]
| Flag | Description |
|---|---|
| -w <file> | Whitelist of MACs to skip |
| -b <file> | Blacklist of MACs to target |
| -s <speed> | Packets per second |
| -c <channel> | Target channel |