coWPAtty Download – Audit Pre-shared WPA Keys


coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.

coWPAtty Download - Audit Pre-shared WPA Keys


If you are auditing WPA-PSK networks, you can use this tool to identify weak passphrases that were used to generate the PMK. Supply a libpcap capture file that includes the 4-way handshake, a dictionary file of passphrases to guess with, and the SSID for the network.

What is coWPAtty?

coWPAtty is the implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. coWPAtty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.

coWPAtty Usage

Example:

Full Output:


This tool can also accept dictionary words from STDIN, allowing us to utilize a tool such as John the Ripper to create lots of word permutations from a dictionary file.

In the default configuration of John the Ripper, common permutations of dictionary words will be sent as potential passwords to coWPAtty.

This tool is based around the whitepaper by Robert Moskowitz:

Weakness in Passphrase Choice in WPA Interface

There are also the following to check out:

wifite – Mass Wifi WEP / WPA Key Cracking Tool
aircrack-ng – WEP and WPA-PSK Key Cracking Program
Reaver Download – Hack WPS Pin WiFi Networks

coWPAtty download

You can download coWPAtty here:

cowpatty-2.0.tgz

Or read more here.

Posted in: Wireless Hacking

,


Latest Posts:


HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.


Comments are closed.