Search for wireless access points with WPS enabled: using Wash, Airodump-ng and Wifite
Before attacking Wi-Fi through WPS, we need to find wireless access points that have WPS turned on.
This can be done in different ways; I will talk about Wash, Airodump-ng and Wifite. You can choose whichever seems most convenient to you.
Regardless of the method chosen, you need to start by putting the wireless card into monitor mode. I do it like this:
ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up
WPS Search with Airodump-ng
Airodump-ng can show all available information about wireless access points in range. However, by default it does not have a WPS information field. For this field to appear, you need to use the --wps option.
airodump-ng wlan0 --wps
I like to run it with the additional options --manufacturer (shows the AP manufacturer) and --uptime (shows how long the AP has been up):
airodump-ng wlan0 --manufacturer --uptime --wps
The information is quite exhaustive. Admittedly, if you are only interested in WPS, much of it is redundant.
WPS Search with Wifite
Wifite is a program for automated hacking, which is why it has won (well-deserved) popularity among beginners. Wifite relies on data from Airodump-ng, so Airodump-ng must be installed. Many people also like Wifite's colored pseudo-graphical interface.
To show only APs with WPS enabled, you need to start it with the --wps option:
Look carefully at the data:
Kali is my AP and, as you can see, WPS is locked. It's 2019, and APs with WPS enabled are the easiest targets you could find in your life; getting the Wi-Fi password won't need more than a minute!
These tools let you collect and display information about APs with WPS enabled. They differ slightly in how they are used and how they display the data. Choose whichever suits you best.
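Where the WPS column and the "locked" state come from: an AP advertises WPS in a vendor-specific information element of its beacons, and these tools decode it. The parser below is an added example, not code from the original post or from any of the tools; it is useful for auditing your own APs. The attribute IDs are from the Wi-Fi Simple Configuration specification, and the sample APs and their bytes are constructed.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_AP_SETUP_LOCKED = 0x104A, 0x1044, 0x1057

def iter_elements(tagged):
    """Yield (id, body) for each 802.11 element (1-byte id, 1-byte length)."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        if len(body) < length:          # truncated capture: stop, do not misparse
            return
        yield eid, body
        pos += 2 + length

def parse_wps(tagged):
    """Return None when no WPS element is advertised, else its decoded state."""
    for eid, body in iter_elements(tagged):
        if eid != 221 or not body.startswith(WPS_OUI_TYPE):
            continue
        attrs, pos, data = {}, 0, body[4:]
        while pos + 4 <= len(data):     # WPS attributes: 2-byte type, 2-byte length
            atype, alen = struct.unpack_from(">HH", data, pos)
            value = data[pos + 4:pos + 4 + alen]
            if len(value) < alen:
                break
            attrs[atype] = value
            pos += 4 + alen
        ver = (attrs.get(ATTR_VERSION) or b"\x00")[0]
        return {"version": f"{ver >> 4}.{ver & 0x0F}",
                "configured": attrs.get(ATTR_STATE) == b"\x02",
                # AP Setup Locked is only sent while the AP is locked
                "locked": attrs.get(ATTR_AP_SETUP_LOCKED) == b"\x01"}
    return None

# Constructed sample beacons (tagged parameters only); names and bytes are made up.
def ie(eid, body):
    return bytes([eid, len(body)]) + body

def attr(atype, value):
    return struct.pack(">HH", atype, len(value)) + value

WPS_BASE = WPS_OUI_TYPE + attr(ATTR_VERSION, b"\x10") + attr(ATTR_STATE, b"\x02")
SAMPLES = {
    "lab-ap-locked": ie(0, b"lab-ap-locked") + ie(221, WPS_BASE + attr(ATTR_AP_SETUP_LOCKED, b"\x01")),
    "lab-ap-wps": ie(0, b"lab-ap-wps") + ie(221, WPS_BASE),
    "lab-ap-nowps": ie(0, b"lab-ap-nowps") + ie(48, b"\x01\x00"),
}

if __name__ == "__main__":
    for name, tagged in SAMPLES.items():
        print(name, parse_wps(tagged))
```

Any of your own APs for which this returns a result with "locked" set to False still accepts WPS PIN attempts and is a candidate for having WPS disabled.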