Pyxiewps — Wireless Attack Tool
Pyxiewps is a wireless attack tool writen in python that uses reaver, pixiewps, macchanger and aircrack to retrieve the WPS pin of any vulnerable AP in seconds.
There are already a lot of tools, reaver included, that can attack an access point (AP) using the Pixie Dust vulnerability but this tool was made to do it automatically – fast and user friendly.
[adsense size='1']If the router is vulnerable, this script will use reaver and pixiewps to retrieve the AP password in 11 seconds.
jgilhutton
It enumerates all the APs with active WPS, tries to get the PKE, PKR, E-NONCE, R-NONCE, AUTHKEY, HASH1 and 2 using the patched version of reaver, then passes all that information to pixiewps program so that it can retrieve the WPS pin, and finally runs reaver again with the pin that pixiewps found to get the AP WPA password.
Usage
python pyxiewps-[LANGUAGE].py <arguments>
-p --use-pixie Once all the data is captured with reaver [False]
the script tries to get the WPS pin with pixiewps.
-a --airodump-time [time] Airodump spends this amount of time enumerating APs [3]
-t --time [time] Set the time used to get the hex data from the AP. [6]
-c --channel [channel] Set the listening channel to enumerate the WPS-active APs.
If not set, all channels are listened.
-P --prompt If more than one WPS-active AP is found, ask the user [False]
the target to attack.
-o --output [file] Outputs all the data into a file.
-f --pass If the WPS pin is found, the script uses reaver again to retrieve
the WPA password of the AP.
-q --quiet Doesn't print the AP information. Will print the WPS pin and pass if found.
-F --forever Runs the program on a While loop so the user can scan and attack a hole
zone without having to execute the program over and over again.
-A --again Target is attacked again in case of success without prompting the user.
-s --signal [-NUMBER] APs with RSSI lower than NUMBER will be ignored [-100]
A value of "-50" will ignore APs with RSSI between
-100 and -51 and will attack APs which RSSI goes from -50 to 0
-M --max-aps [number] Max amount of APs to be attacked.
-m --mode [mode] Set the mode preset. Any preset option can be override
by giving its argument and value on the commandline.
[adsense size='1']
Available modes:
WALK:
[-p] [-f] [-a 4] [-t 8] [-F] [-M 2]
Tries to get the WPS pin
4 seconds will be used to enumerate the APs
8 seconds will be used to fetch the AP information
Will try to get the password
The program will run in a while loop.
A max amount of 2 APs will be attacked
AP won't be atacked again if failed once
DRIVE:
[-p] [-t 10] [-F] [-M 1]
Tries to get the WPS pin
3 seconds will be used to enumerate the APs
10 seconds will be used to fetch the AP information
Won't try to get the password
The program will run in a while loop.
Only one AP will be attacked
AP won't be atacked again if failed once
STATIC:
[-p] [-f] [-a 5] [-t 10] [-P] [-O]
Tries to get the WPS pin
5 seconds will be used to enumerate the APs
10 seconds will be used to fetch the AP information
Will try to get the password
The program will run only once
User will be prompted for an AP to attack
AP will be atacked again if failed once
Eample
python pyxiewps-[LANGUAGE].py -p -t 6 -c 7 -P -o file.txt -f python pyxiewps-[LANGUAGE].py --use-pixie --time 6 --channel 7 --prompt --output file.txt --pass
pyxiewps -m DRIVE
Clone
git clone https://github.com/jgilhutton/pyxiewps.git
[adsense size='1']
Source && Download
Gloss