Auto Reaver – multiple Access Point Attack using Reaver

By Ehacking Staff

May 14, 2015

This is bash script which provides multiple access point attack using reaver and BSSIDs list from a text file.

If processed AP reaches rate limit, script goes to another from the list, and so forth.

HOW IT WORKS ?

Script takes AP targets list from text file in following format

BSSID CHANNEL ESSID

For example:

AA:BB:CC:DD:EE:FF 1 MyWlan 
00:BB:CC:DD:EE:FF 13 TpLink 
00:22:33:DD:EE:FF 13 MyHomeSSID

And then following steps are being processed:

Every line of list file is checked separately in for loop
After every AP on the list once, script automatically changes MAC address of your card to random MAC using macchanger (you can also setup your own MAC if you need),
Whole list is checked again and again, in endless while loop, until there is nothing to check loop is stopped,
Found PINS/WPA PASSPHRASES are stored in {CRACKED_LIST_FILE_PATH} file.

REQUIREMENTS

Wireless adapter which supports injection (see [https://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers Reaver Wiki])
Linux Backtrack 5
Root access on your system (otherwise some things may not work)
AND if you use other Linux distribution*
- Reaver 1.4 (I didn’t try it with previous versions)
- KDE (unless you’ll change ‘konsole’ invocations to ‘screen’, ‘gnome-terminal’ or something like that… this is easy)
- Gawk (Gnu AWK)
- Macchanger
- Airmon-ng, Airodump-ng, Aireplay-ng
- Wash (WPS Service Scanner)
- Perl

USAGE EXAMPLE

First you have to download lastest version

git clone https://code.google.com/p/auto-reaver/

Go to auto-reaver directory

cd ./auto-reaver

Make sure that scripts have x permissions for your user, if not run

chmod 700 ./washAutoReaver
chmod 700 ./autoReaver

Run wash scanner to make a formatted list of Access Points with WPS service enabled
./washAutoReaverList > myAPTargets

Wait for 1-2 minutes for wash to collect APs, and hit CTRL+C to kill the script.
Check if any APs were detected

cat ./myAPTargets

If there are targets in myAPTargets file, you can proceed attack, with following command:

./autoReaver myAPTargets

ADDITIONAL TOOLS

In auto-reaver directory you can find additional tools:

washAutoReaverList

Script that will scan network using wash, to search for Access points with WPS service enabled, and generate auto-reaver formatted list like:

AA:BB:CC:DD:EE:FF 1 MyWlan
00:BB:CC:DD:EE:FF 13 TpLink
00:22:33:DD:EE:FF 13 MyHomeSSID

Important: You can always block AP checking by simply adding # sign before each line, as follows:

# 00:22:33:DD:EE:FF 13 MyHomeSSID

so MyHomeSSID will be skipped during list check.

showPinDates

Script shows last PIN attempt dates for the certain BSSID
It depends on PIN_DATE_TMP_DIR variable (see configuration section), from configurationSettings file.
You can use this tool to adjust setting of LIMIT_WAIT_MINUTES, it should help you discover, for how long certain AP is blocked during AP rate limit.
Using:

./showPinDates [BSSID] [OPTIONS]

Example:

./showPinDates AA:BB:CC:DD:EE:FF

Example output:

2014-06-26 06:06:54
2014-06-26 08:06:09
2014-06-26 13:06:08
2014-06-26 14:06:06
2014-06-26 15:06:10

You can use additional options for grouping PIN dates:

Example:

./showPinDates AA:BB:CC:DD:EE:FF –group-by-day

Outputs:

Grouping PINs by day
2014-06-23: 24 PINs
2014-06-29: 20 PINs
2014-06-30: 51 PINs

Options available:
–group-by-day – Grouping PIN dates, by day and shows PIN count of each day
–group-by-hour – Grouping PIN hours, by day+hour and shows PIN count of each day+hour

Download & Learn More