hostapd-mana vs Pixiewps
GitHub Stats
About hostapd-mana
hostapd-mana is a featureful rogue access point tool based on a modified version of hostapd, the standard Linux access point daemon. Developed by SensePost, it extends hostapd with capabilities specifically useful for wireless penetration testing: it can impersonate any SSID that clients are probing for (karma attack), capture WPA/WPA2 handshakes from connecting clients, downgrade encryption to capture credentials, and integrate with EAP credential harvesting for WPA-Enterprise networks. hostapd-mana acts as a convincing evil twin that automatically responds to client probe requests, tricking devices into connecting and exposing their credentials or traffic. It's commonly used in wireless assessments to test organizational resilience against rogue access point attacks and to capture domain credentials from enterprise wireless clients.
About Pixiewps
Pixiewps is a tool used to brute force offline the WPS PIN exploiting the low or non-existing entropy of some software implementations. This is known as the Pixie Dust attack, which exploits weak random number generation in the WPS protocol implementation of many routers. While Reaver performs online brute force (trying PINs against the router one by one), Pixiewps works offline - it captures the WPS exchange data and computes the PIN locally, typically recovering it in seconds rather than hours. The attack works because many router manufacturers use predictable values (like the router's own BSSID or timestamp) to seed the random number generator used in the WPS Diffie-Hellman key exchange. Pixiewps is typically used in conjunction with Reaver or Bully, which handle the network interaction while Pixiewps performs the offline computation.
Platform Support
Tags
hostapd-mana only
Pixiewps only