Overview
Reaver attacks WPS by brute forcing the 8-digit PIN. The PIN is verified in two 4-digit halves, reducing the keyspace to ~11,000 combinations. Also supports Pixie Dust for offline PIN recovery on vulnerable chipsets.Install
Usage
| Flag | Description |
|---|---|
-i <iface> | Monitor mode interface |
-b <BSSID> | Target AP MAC address |
-c <channel> | Target channel |
-K 1 | Enable Pixie Dust attack |
-s <file> | Restore/resume a saved session (--session) |
-S | Use small DH keys (--dh-small) — not session resume |
-v / -vv | Verbose / extra verbose |
-d <sec> | Delay between PIN attempts |
--lock-delay <sec> | Wait after lockout detected |
--fail-wait <sec> | Wait after consecutive failures |
-p <PIN> | Try specific PIN |
-N | Don’t send NACK packets |
-L | Ignore AP lockouts |
Pixie Dust Attack
PIN Brute Force
Resume Session
/etc/reaver/<BSSID>.wpc.