Aircrack-ng

Aircrack-ng is a modular, command-line WiFi security auditing suite operating against 802.11a/b/g/n wireless LANs. Its toolset is organised around four disciplines: monitoring (airodump-ng for passive packet capture and network enumeration), attacking (aireplay-ng for deauthentication, ARP replay, chopchop, and fragmentation attacks via raw frame injection), testing (verifying adapter and driver capability for monitor mode and injection), and cracking (the aircrack-ng binary itself, which performs cryptanalytic key recovery). The suite requires a wireless adapter with a driver that exposes monitor mode and injection support.

WEP cracking leverages three statistical cryptanalytic methods: the original FMS (Fluhrer-Mantin-Shamir) attack, the improved KoreK attack, and the highly efficient PTW (Pyshkin-Tews-Weinmann) attack. Against WPA/WPA2-PSK, the approach shifts to capturing the four-way EAPOL handshake between a client and access point, then submitting it to offline dictionary or rule-based wordlist attacks. The suite integrates with GPU-acceleration tools like Hashcat for the cracking phase, while its native CPU cracking is multithreaded. Supporting utilities — airdecap-ng for decrypting captures, packetforge-ng for crafting custom frames, airbase-ng for rogue AP simulation — make the suite self-contained for most wireless audit workflows.

Aircrack-ng ships by default with Kali Linux, Parrot Security OS, BlackArch, and other penetration testing distributions. Its longevity (active since 2006), broad platform support, and coverage across attack phases have made it the most widely referenced open-source wireless security tool in both professional and academic contexts, with citations in CISA tooling references and standard network security curricula.