> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Wash

> Enumerate WPS-enabled access points and identify locked/unlocked targets for WPS attacks.

## Overview

Wash scans for WPS-enabled APs and reports their WPS version, lock status, and signal strength. Part of the `reaver` package.

***

## Install

```bash theme={"dark"}
sudo apt install reaver
```

***

## Usage

```
wash -i <interface> [options]
```

| Flag           | Description                                          |
| -------------- | ---------------------------------------------------- |
| `-i <iface>`   | Monitor mode interface                               |
| `-c <channel>` | Lock to channel                                      |
| `-5`           | Use 5 GHz 802.11 channels                            |
| `-s`           | Use scan mode (actively probe APs)                   |
| `-O <file>`    | Write packets of interest to a pcap file             |
| `-n <num>`     | Max probes to send each AP in scan mode (default 15) |

***

## Basic Scan

```bash theme={"dark"}
sudo wash -i wlan0mon
```

***

## Output Columns

| Column | Description             |
| ------ | ----------------------- |
| BSSID  | AP MAC address          |
| Ch     | Channel                 |
| dBm    | Signal strength         |
| WPS    | WPS version             |
| Lck    | Lockout active (Yes/No) |
| Vendor | Chipset vendor          |
| ESSID  | Network name            |

Target APs with `Lck: No`. Locked APs enforce rate limiting and will slow or block brute force attempts.

***

## Scan Specific Channel

```bash theme={"dark"}
sudo wash -i wlan0mon -c 6
```
