hostapd-mana vs Reaver
GitHub Stats
About hostapd-mana
hostapd-mana is a featureful rogue access point tool based on a modified version of hostapd, the standard Linux access point daemon. Developed by SensePost, it extends hostapd with capabilities specifically useful for wireless penetration testing: it can impersonate any SSID that clients are probing for (karma attack), capture WPA/WPA2 handshakes from connecting clients, downgrade encryption to capture credentials, and integrate with EAP credential harvesting for WPA-Enterprise networks. hostapd-mana acts as a convincing evil twin that automatically responds to client probe requests, tricking devices into connecting and exposing their credentials or traffic. It's commonly used in wireless assessments to test organizational resilience against rogue access point attacks and to capture domain credentials from enterprise wireless clients.
About Reaver
Reaver implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs to recover WPA/WPA2 passphrases. WPS uses an 8-digit PIN where the last digit is a checksum and the first and second halves are validated separately, reducing the effective keyspace from 100 million to about 11,000 possibilities. Reaver systematically tries PIN combinations against the target access point, typically recovering the passphrase within 4-10 hours depending on the target. It includes features like automatic detection of WPS-enabled access points, session saving and restoring for interrupted attacks, and configurable timing and delay options to handle rate limiting and lockout mechanisms. Reaver is often used alongside Pixiewps for the more efficient Pixie Dust attack against vulnerable WPS implementations that leak enough information to recover the PIN offline in seconds.
Platform Support
Tags
hostapd-mana only
Reaver only