
Linux command

reaver command


After copying, replace file names, directories, or parameters as needed.

Common examples

Scan for WPS-enabled access points

wash -i [wlan0mon]

Start WPS brute force attack

reaver -i [wlan0mon] -b [AA:BB:CC:DD:EE:FF] -c [channel] -vv

Attack with Pixie Dust

reaver -i [wlan0mon] -b [AA:BB:CC:DD:EE:FF] -c [channel] -K -vv

Resume a previous session

reaver -i [wlan0mon] -b [AA:BB:CC:DD:EE:FF] -s [session_file]

Attack with custom delay

reaver -i [wlan0mon] -b [AA:BB:CC:DD:EE:FF] -d [5] -vv

Description

reaver performs brute-force attacks against Wi-Fi Protected Setup (WPS) to recover WPA/WPA2 passphrases. WPS uses an 8-digit PIN that can be attacked in two halves, which reduces the maximum number of attempts to approximately 11,000. The attack exploits a design flaw in WPS: the access point validates the PIN in two stages, so an attacker can tell when the first half is correct before attempting the second half.

The Pixie Dust attack (-K) is an offline attack that exploits weak random number generation in certain chipsets (Ralink, Broadcom, Realtek), potentially recovering the PIN in seconds without brute forcing. The companion tool wash scans for WPS-enabled access points and identifies potential targets, including those vulnerable to Pixie Dust.
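The keyspace arithmetic behind the 11,000 figure, and how an access point's WPS lockout policy changes the worst-case exposure time, as an added example that is not part of reaver or the original page. The lockout thresholds and the one-second cost per attempt are assumed values, and the function names are illustrative.

```python
# Added example, not reaver code. Policy values below are assumptions.
def wps_checksum(body7: int) -> int:
    """Eighth PIN digit, computed from the first seven (WPS checksum)."""
    accum = 0
    while body7:
        accum += 3 * (body7 % 10)
        body7 //= 10
        accum += body7 % 10
        body7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and the last one matches the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return int(pin[7]) == wps_checksum(int(pin[:7]))


def worst_case_attempts(two_stage: bool) -> int:
    """Upper bound on guesses against a PIN whose 8th digit is a checksum."""
    if two_stage:
        # Halves confirmed separately: 4 free digits, then 3 free digits.
        return 10**4 + 10**3
    # Whole PIN confirmed at once: 7 free digits.
    return 10**7


def worst_case_seconds(attempts, per_attempt, lock_after=0, lock_seconds=0.0):
    """Seconds to exhaust `attempts` guesses when the AP locks WPS for
    `lock_seconds` after every `lock_after` failures (0 = never locks)."""
    lockouts = (attempts - 1) // lock_after if lock_after else 0
    return attempts * per_attempt + lockouts * lock_seconds


def exposure_report() -> dict:
    """Worst-case hours under three constructed AP lockout policies."""
    n = worst_case_attempts(two_stage=True)
    policies = {  # (failures before lock, lock duration in seconds): assumed
        "no lockout": (0, 0.0),
        "60 s lock per 3 failures": (3, 60.0),
        "1 h lock per 3 failures": (3, 3600.0),
    }
    return {name: round(worst_case_seconds(n, 1.0, la, ls) / 3600, 1)
            for name, (la, ls) in policies.items()}


if __name__ == "__main__":
    print(exposure_report())
```

With one guess per second the bound is about 3.1 hours without lockout, and the two assumed lockout policies stretch it to 64.2 and 3669.1 hours.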

Parameters

-i _interface_
Wireless interface in monitor mode
-b _bssid_
Target access point MAC address
-c _channel_
Channel of target access point
-K
Perform Pixie Dust offline attack
-vv
Verbose output (use multiple v for more detail)
-d _seconds_
Delay between PIN attempts (default: 1)
-l _seconds_
Lock delay after WPS lock detected (default: 60)
-s _file_
Save/restore session to/from file
-p _pin_
Use specified 4 or 8 digit WPS pin
-N
Do not send NACK packets when errors occur
-T _seconds_
M5/M7 timeout period (default: 0.20)
-t _seconds_
Receive timeout period (default: 5)

FAQ

How do I run a basic reaver example?

Run `wash -i [wlan0mon]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
