Auto Reaver – multiple Access Point Attack using Reaver

This is bash script which provides multiple access point attack using reaver and BSSIDs list from a text file.

If processed AP reaches rate limit, script goes to another from the list, and so forth.


Script takes AP targets list from text file in following format


For example:

00:BB:CC:DD:EE:FF 13 TpLink 
00:22:33:DD:EE:FF 13 MyHomeSSID

And then following steps are being processed:

  • Every line of list file is checked separately in for loop
  • After every AP on the list once, script automatically changes MAC address of your card to random MAC using macchanger (you can also setup your own MAC if you need),
  • Whole list is checked again and again, in endless while loop, until there is nothing to check loop is stopped,


  • Wireless adapter which supports injection (see [ Reaver Wiki])
  • Linux Backtrack 5
  • Root access on your system (otherwise some things may not work)
  • AND if you use other Linux distribution*
    • Reaver 1.4 (I didn’t try it with previous versions)
    • KDE (unless you’ll change ‘konsole’ invocations to ‘screen’, ‘gnome-terminal’ or something like that… this is easy)
    • Gawk (Gnu AWK)
    • Macchanger
    • Airmon-ng, Airodump-ng, Aireplay-ng
    • Wash (WPS Service Scanner)
    • Perl


First you have to download lastest version

git clone

Go to auto-reaver directory

cd ./auto-reaver

Make sure that scripts have x permissions for your user, if not run

chmod 700 ./washAutoReaver
chmod 700 ./autoReaver

Run wash scanner to make a formatted list of Access Points with WPS service enabled
./washAutoReaverList > myAPTargets

Wait for 1-2 minutes for wash to collect APs, and hit CTRL+C to kill the script.
Check if any APs were detected

cat ./myAPTargets

If there are targets in myAPTargets file, you can proceed attack, with following command:

./autoReaver myAPTargets


In auto-reaver directory you can find additional tools:


Script that will scan network using wash, to search for Access points with WPS service enabled, and generate auto-reaver formatted list like:

00:BB:CC:DD:EE:FF 13 TpLink
00:22:33:DD:EE:FF 13 MyHomeSSID

Important: You can always block AP checking by simply adding # sign before each line, as follows:

# 00:22:33:DD:EE:FF 13 MyHomeSSID

so MyHomeSSID will be skipped during list check.


Script shows last PIN attempt dates for the certain BSSID
It depends on PIN_DATE_TMP_DIR variable (see configuration section), from configurationSettings file.
You can use this tool to adjust setting of LIMIT_WAIT_MINUTES, it should help you discover, for how long certain AP is blocked during AP rate limit.

./showPinDates [BSSID] [OPTIONS]


./showPinDates AA:BB:CC:DD:EE:FF

Example output:

2014-06-26 06:06:54
2014-06-26 08:06:09
2014-06-26 13:06:08
2014-06-26 14:06:06
2014-06-26 15:06:10

You can use additional options for grouping PIN dates:


./showPinDates AA:BB:CC:DD:EE:FF –group-by-day


Grouping PINs by day
2014-06-23: 24 PINs
2014-06-29: 20 PINs
2014-06-30: 51 PINs

Options available:
–group-by-day – Grouping PIN dates, by day and shows PIN count of each day
–group-by-hour – Grouping PIN hours, by day+hour and shows PIN count of each day+hour

Download & Learn More

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Become an Expert in Ethical Hacking

This article is mainly addressing the audience who wants to pursue their career in Cybersecurity as a professional that provides ethical hacking services, whether...

5 Cybersecurity Tips to Keep in Mind When Working From Home

  Due to the ongoing global health crisis, more and more people are being forced to work from their homes. In fact, Forbes estimates that about...

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...