The top Wi-Fi pen testing tools in Kali Linux 2.0

Kali Linux 2.0 is a significant release for what is arguably the top dog (or dragon) in the pen testing biz and its Wi-Fi testing tools are amongst the very best

kali linux logo

Last August Offensive Security released Kali Linux 2.0, the Linux distro that’s pretty much everybody’s favorite penetration-testing toolkit (if it’s not your favorite, let me know what you prefer). This release was, to borrow a word from the kool kids, epic. 

Kali Linux 2.0 is based on Debian 8 (“Jessie”) which means that it’s now using the Linux 4.0 kernel which has a sizable list of changes. The biggest change in version 2.0 is arguably the addition of rolling releases which means that all of the latest versions of the included packages will be available as normal updates thus future point releases will really be snapshots rather than completely new builds. 

But what’s really cool about Kali Linux 2.0 is that it runs on ARM systems including Chromebooks and, yes, the Raspberry Pi. And there’s one other thing that Kali Linux 2.0 brings to the virtual table; better Wi-Fi driver support. With that in mind and because readers of this blog have asked questions about Wi-Fi pen tools , here’s the top Kali Linux 2.0 Wi-Fi hacking … er, pen testing tools.

Wireshark display

Wireshark display 

Number 3: Wireshark “is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.Wireshark is one of the best network [protocol] analyzer tools available, if not the best. With Wireshark you can [analyze] a network to the greatest detail to see what’s happening. Wireshark can be used for live packet capturing, deep inspection of hundreds of protocols, browse and filter packets and is multi-platform.” Amongst Wireshark’s features are:

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis with powerful display filters
  • Captured network data can be browsed via a GUI or via the TTY-mode TShark utility
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, WildPackets EtherPeek/TokenPeek/AiroPeek … it’s a long list. You can also export to XML, PostScript®, CSV, or plain text
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

Wifite display showing a successful WEP attack; it took 90 seconds.

Number 2: Wifite. If you want to mount an attack on multiple wireless networks using WEP/WPA/WPA2 and WPS you’re going to want to automate your assault which is what Wifite excels at:

  • sorts targets by signal strength (in dB); cracks closest access points first
  • automatically de-authenticates clients of hidden networks to reveal SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • "anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all captured WPA handshakes are backed up to's current directory
  • smart WPA de-authentication; cycles between all clients and broadcast deauths
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to cracked.txt

Number 1:  Aircrack-ng. Without doubt, the 800-pound gorilla of Wi-Fi pen testing. Aricrack-ng is an powerful suite of tools for wireless password cracking, generating traffic, client de-authentication, packet capture, and setting up fake access points. Aircrack-ng’s tools are run from the command line which allows for heavy scripting and cover:

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools.
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
  • Testing: Checking WiFi cards and driver capabilities (capture and injection).
  • Cracking: WEP and WPA PSK (WPA 1 and 2).

Comments? Thoughts? Suggestions? Send me feedback via email or comment below then follow me on Twitter and Facebook.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2016 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)