EN
ENNA

Reaver

๐Ÿ“ก Wireless ยท C

Reaver implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs to recover WPA/WPA2 passphrases. WPS uses an 8-digit PIN where the last digit is a checksum and the first and second halves are validated separately, reducing the effective keyspace from 100 million to about 11,000 possibilities. Reaver systematically tries PIN combinations against the target access point, typically recovering the passphrase within 4-10 hours depending on the target. It includes features like automatic detection of WPS-enabled access points, session saving and restoring for interrupted attacks, and configurable timing and delay options to handle rate limiting and lockout mechanisms. Reaver is often used alongside Pixiewps for the more efficient Pixie Dust attack against vulnerable WPS implementations that leak enough information to recover the PIN offline in seconds.

1.9kstars
449forks
23issues
Updated 5mo ago
View on GitHub

Installation

apt (Debian/Ubuntu)

$ sudo apt install reaver

from source

$ git clone https://github.com/t6x/reaver-wps-fork-t6x.git && cd reaver-wps-fork-t6x/src && ./configure && make && sudo make install

Use Cases

  • Testing WPS-enabled routers for PIN brute force vulnerabilities
  • Recovering WPA/WPA2 passphrases through WPS PIN exploitation
  • Auditing wireless networks for WPS misconfiguration and weak implementations
  • Combining with Pixiewps for rapid Pixie Dust attacks against vulnerable APs

Tags

wpswifibrute-forcewpawpa2wireless-audit

Details

Category
๐Ÿ“ก Wireless
Language
C
Platforms
๐Ÿงlinux

Links

GitHub Repository

github.com/t6x/reaver-wps-fork-t6x

Releases

github.com/t6x/reaver-wps-fork-t6x/releases

Issues

github.com/t6x/reaver-wps-fork-t6x/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

Aircrack-ng

C

Complete suite for WiFi network security assessment. Monitoring, attacking, testing, and cracking.

Compare Reaver vs Aircrack-ng

Bettercap

Go

Swiss army knife for WiFi, Bluetooth, and ethernet network recon and MITM. Scriptable with JS.

Compare Reaver vs Bettercap

Wifite2

Python

Automated wireless attack tool. Wraps aircrack-ng, reaver, and hashcat for streamlined WiFi auditing.

Compare Reaver vs Wifite2

Pixiewps

C

WPS offline brute force. Exploits weak random number generation in WPS implementations to recover PINs in seconds.

Compare Reaver vs Pixiewps

mdk4

C

802.11 protocol exploitation toolkit. Authentication floods, beacon floods, deauth attacks, and SSID fuzzing for wireless testing.

Compare Reaver vs mdk4

hostapd-mana

C

Rogue access point and evil twin toolkit. Modified hostapd for wireless credential capture and MitM attacks.

Compare Reaver vs hostapd-mana

WiFi-Pumpkin3

Python

Rogue access point framework. GUI-driven evil twin with captive portal, credential harvesting, and transparent proxy support.

Compare Reaver vs WiFi-Pumpkin3

More in Wireless

Aircrack-ng

C

Complete suite for WiFi network security assessment. Monitoring, attacking, testing, and cracking.

wifiwpapacket-capture

Bettercap

Go

Swiss army knife for WiFi, Bluetooth, and ethernet network recon and MITM. Scriptable with JS.

mitmwifibluetooth

Wifite2

Python

Automated wireless attack tool. Wraps aircrack-ng, reaver, and hashcat for streamlined WiFi auditing.

wifiautomatedwpa

Kismet

C++

Wireless network detector, sniffer, wardriving tool, and IDS. WiFi, Bluetooth, Zigbee, and more.

wardrivingidsbluetooth

Flipper Zero Firmware

C

Custom firmware for Flipper Zero. Sub-GHz, RFID, NFC, infrared, and GPIO hacking multi-tool.

flipperrfidnfc

Fluxion

Shell

WPA security auditing tool that uses social engineering for handshake capture via evil twin attacks.

wpaevil-twinsocial-engineering