Skip to main content

Overview

mdk4 is a frame injection tool for 802.11 networks. In wireless pentesting it is primarily used to brute force hidden SSIDs by sending probe requests with each name from a wordlist until the AP responds.

Install

sudo apt install mdk4

Usage

mdk4 <interface> <mode> [options]

Modes

ModeDescription
bBeacon flooding: spam fake APs
dDeauthentication / disassociation flood
pSSID probing and brute force
eEAPOL start/logoff packet injection
mMichael Countermeasures exploitation (TKIP shutdown DoS)
sAttacks for IEEE 802.11s mesh networks
aAuthentication DoS (floods APs with 802.11 auth frames)
fPacket fuzzer

SSID Brute Force (Mode p)

Used to discover hidden SSIDs when no client is connected to reveal the name via probe responses.
mdk4 <interface> p [options]
FlagDescription
-t <BSSID>Target AP MAC address
-f <wordlist>Wordlist of SSIDs to probe
-b <char>Use character set for brute force
-e <SSID>Try exact SSID
Example, brute force with prefixed wordlist:
# Build prefixed wordlist
cat ~/rockyou-top100000.txt | awk '{print "wifi-" $1}' > ~/wifi-wordlist.txt

# Lock interface to target channel first
sudo iwconfig wlan0mon channel 11

# Launch probe brute force
mdk4 wlan0mon p -t <BSSID> -f ~/wifi-wordlist.txt

Deauthentication Flood (Mode d)

mdk4 <interface> d [options]
FlagDescription
-w <file>Whitelist of MACs to skip
-b <file>Blacklist of MACs to target
-s <speed>Packets per second
-c <channel>Target channel