WiFi Penetration Testing Tools

WiFi or wireless penetration testing is
an important aspect of any security audit project, organizations are
facing serious threats from their insecure WiFi network. A
compromised wifi puts the entire network at risks. Consider the
recent darkhotel attack, where the top business executives were the
target and the attacker were targeting them by hacking into the
insecure hotel WiFI network. The moral of the story is that, “the
organizations should include a WiFi penetration testing process in
their regular security procedure”.
There is the little difference between
a network vulnerability assessment tool and WiFi vulnerability scanners, so here is the quick list of the tools that could be very
useful while performing WiFi penetration testing.


Aircrack-ng is an 802.11 WEP and
WPA-PSK keys cracking program that can recover keys once enough data
packets have been captured. It implements the standard FMS attack
along with some optimizations like KoreK attacks, as well as the
all-new PTW attack, thus making the attack much faster compared to
other WEP cracking tools. In fact, Aircrack-ng is a set of tools for
auditing wireless networks.


Kismet is an 802.11 layer2 wireless
network detector, sniffer, and intrusion detection system. Kismet
will work with any wireless card which supports raw monitoring
(rfmon) mode, and (with appropriate hardware) can sniff 802.11b,
802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins
which allow sniffing other media such as DECT.


Netstumbler is the best known Windows
tool for finding open wireless access points (“wardriving“).
They also distribute a WinCE version for PDAs and such named
MiniStumbler. The tool is currently free but Windows-only and no
source code is provided. It uses a more active approach to finding
WAPs than passive sniffers such as Kismet or KisMAC.


inSSIDer is a wireless network scanner
for Windows, OS X, and Android. It was designed to overcome
limitations of NetStumbler, namely not working well on 64-bit Windows
and Windows Vista. inSSIDer can find open wireless access points,
track signal strength over time, and save logs with GPS records.


This popular wireless stumbler for Mac
OS X offers many of the features of its namesake Kismet, though the
codebase is entirely different. Unlike console-based Kismet, KisMAC
offers a pretty GUI and was around before Kismet was ported to OS X.
It also offers mapping, Pcap-format import and logging, and even some
decryption and deauthentication attacks.
Bonus Tools
Kali Linux the
successor of backtrack linux has most of the tools configured already
but if you need to configure the additional tools then it could be
done easily. Beyond the tools mentioned above, we have some important
and relevant tools that should be mentioned, so here we go:


Reaver performs a
brute force attack against an access point’s WiFi Protected Setup pin
number. Once the WPS pin is found, the WPA PSK can be recovered and
alternately the AP’s wireless settings can be reconfigured.

Fern WiFi Cracker

Fern wifi cracker
is a wireless security auditing application that is written in python
and uses python-qt4. This application uses the aircrack-ng suite of
If your favorite
tool is not given above, then let us know with a reason to add it to
the list 🙂
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...