Reaver vs WiFi-Pumpkin3
About Reaver
Reaver implements a brute-force attack against Wi-Fi Protected Setup (WPS) registrar PINs to recover WPA/WPA2 passphrases. WPS uses an 8-digit PIN where the last digit is a checksum and the first and second halves are validated separately, reducing the effective keyspace from 100 million to about 11,000 possibilities (10,000 for the first four digits plus 1,000 for the remaining three, since the final digit is derived). Reaver systematically tries PIN combinations against the target access point, typically recovering the passphrase within 4-10 hours depending on the target. It includes features like automatic detection of WPS-enabled access points, session saving and restoring for interrupted attacks, and configurable timing and delay options to handle rate limiting and lockout mechanisms. Reaver is often used alongside Pixiewps for the more efficient Pixie Dust attack against vulnerable WPS implementations that leak enough information to recover the PIN offline in seconds.
About WiFi-Pumpkin3
WiFi-Pumpkin3 is a powerful framework for rogue access point attacks, providing an all-in-one solution for wireless security assessments. It creates a fake access point with built-in DHCP, DNS, and captive portal services, capturing credentials from clients who connect and attempt to authenticate. The framework includes proxy plugins for injecting JavaScript, capturing images, modifying HTML responses, and sniffing unencrypted traffic. WiFi-Pumpkin3 features both a command-line and graphical interface, making it accessible for different skill levels. Its plugin architecture supports custom captive portal templates (mimicking hotel WiFi, corporate portals, social media login pages), transparent proxying with SSL stripping, and integration with external tools like Bettercap and Responder for more sophisticated attacks.