Aircrack-ng is a well-known scanner that can show the signals and traffic on WiFi networks. Unfortunately, the tool can also transmit packets, and it has a reputation for WEP “encryption key recovery” – which means security cracking.
Aircrack-ng is an old system and, as a tool developed for skilled technicians, it doesn’t have an excellent interface. There is no graphical user interface for Aircrack-ng, just a command-line system. This makes the tool difficult to use and easy for rival systems to beat.
The development of Aircrack-ng
Aircrack-ng was first released in April 2006, and it was developed by Belgian uber hacker Thomas d’Otreppe de Bouvette, also known as Mister X. The system was based on an earlier utility, called Aircrack, and the “ng” in the name of the new service stands for “next generation.”
De Bouvette later turned gamekeeper and wrote OpenWIPS-ng, an innovative wireless intrusion prevention system. In addition, de Bouvette wrote the book on wireless penetration testing. This is the Offensive Security Wireless Attacks course, which is dubbed WiFu – WiFi KungFu.
Of all his projects, Aircrack-ng is de Bouvette’s most tremendous success. This tool was periodically redeveloped, with the latest release in January 2020 – Aircrack-ng 1.6. By contrast, OpenWIPS-ng hasn’t been updated since its release in 2011 – it is still officially in its Beta version.
Aircrack-ng is one of the penetration testing tools that are built into Kali Linux.
Aircrack-ng is composed of 20 individual utilities. These are:
- airbase-ng Implements attacks on wireless clients rather than APs. This tool incorporates many different attacks, including handshake capture, packet manipulation, and traffic injection.
- aircrack-ng This is the core module, and it cracks WEP and WPA encryption keys.
- airdecap-ng A decryption tool to work on WEP or WPA files with a known decryption key.
- airdecloak-ng Removes WEP cloaking from a pcap file. This confounds WIPS systems that generate a fake stream of packets to try to fool aircrack-ng.
- aireplay-ng This packet injector enables the user to send packets out onto the network. This uses CommView as an intermediary when implemented on Windows.
- airmon-ng Manages the network card and alters its mode.
- airodump-ng This module is a pcap processor that transfers read-in packets into pcap or IVS format and writes them to a file. It can be used to extract network participant information from passing packets.
- airolib-ng Stores and manages lists of ESSIDs and passwords for use in encryption and credentials cracking.
- airserv-ng Allows access to the wireless NIC from other computers. The airserv-ng program acts as a server to those other computers acting as clients. The program serves as a daemon, waiting for requests.
- airtun-ng A tunneling system for wireless transmissions. This creates a level of privacy for communications, and it can also act as a repeater. This program only works on Linux.
- buddy-ng This is a receiver program that works in conjunction with easside-ng. These two programs work together to transmit over a WEP network without knowing the WEP encryption key. The buddy-ng program needs to be running on a server outside the wireless network.
- easside-ng This tool sends out transmissions over a WEP network without using the encryption system of the network. The AP will encrypt and decrypt packets sent to and from an external location. So, easside-ng sends its packet to buddy-ng, which acts as a proxy and bounces the packet back into the network, where the AP gives it WEP authorization.
- ivstools This utility converts a pcap file to an IVS file or merges IVS files.
- kstats This tool shows the FMS algorithm votes for an IVS dump. However, you need to give the WEP encryption key as a parameter. You would generate the IVS dump by getting a pcap file with airodump and converting it with ivstools.
- makeivs-ng This program will create an IVS file, given a WEP key. This file would be generated for use in test scenarios.
- packetforge-ng Generates encrypted packets that follow the encryption system used in a stream and transmits those packets.
- tkiptun-ng Uses QoS channels to inject a small number of frames into a WPA TKIP-guarded network; however, this program doesn’t succeed with all types of drivers.
- versuck-ng This specialist tool only works with Verizon Actiontec wireless routers to deduce the default WEP key.
- wesside-ng This is the central cracking routine to work out the encryption key needed to access a WEP-protected network.
- WZCOOK Grabs the WEP keys from XP’s Wireless Zero Configuration utility. Unfortunately, this tool doesn’t always work.
Here are a few quick notes on the terminology used in the above descriptions:
- pcap is a packet capture format, in binary, that was created for tcpdump and is also used by many other packet sniffers.
- An IVS file has the extension .ivs and contains Initialization Vectors (IVs). An IV is a random number sent in plain text, and it is used in conjunction with a key to form WEP encryption. In short, it is a second key for the encryption algorithm, and Aircrack-ng needs this to calculate the WEP key.
- ESSID is an identifier for a device that wants to connect to a wireless network. The device sends its ESSID with its connection request, and once on the network is identified by that number until it disconnects. ESSIDs can be any value and can be changed to use different values for each connection.
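To make the pcap definition above concrete, the following added example (not part of the original article or of the Aircrack-ng code base) parses the classic pcap file header and record headers and reports whether a capture holds 802.11 frames. The sample bytes are constructed for illustration, and the link-type numbers are taken from the tcpdump.org link-layer registry.

```python
import struct

# Classic pcap magic numbers (as read little-endian) -> (byte order, timestamp unit)
MAGICS = {
    0xA1B2C3D4: ("<", "microseconds"),
    0xD4C3B2A1: (">", "microseconds"),
    0xA1B23C4D: ("<", "nanoseconds"),
    0x4D3CB2A1: (">", "nanoseconds"),
}
# Link-layer types relevant to WiFi captures (tcpdump.org registry values)
LINKTYPES = {1: "ETHERNET", 105: "IEEE802_11", 127: "IEEE802_11_RADIOTAP"}


def parse_pcap(data: bytes) -> dict:
    """Parse the 24-byte global header and walk the 16-byte record headers."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    order, unit = MAGICS[magic]
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    packets, offset, truncated = [], 24, False
    while offset < len(data):
        if offset + 16 > len(data):
            truncated = True          # partial record header at end of file
            break
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            truncated = True          # record body runs past end of file
            break
        packets.append((ts_sec, ts_frac, incl_len, orig_len))
        offset += 16 + incl_len
    return {"version": (major, minor), "timestamps": unit, "snaplen": snaplen,
            "linktype": LINKTYPES.get(linktype, f"UNKNOWN({linktype})"),
            "packets": packets, "truncated": truncated}


# Constructed sample: little-endian header, linktype 105, one complete 4-byte
# record, then a second record whose 10-byte body is cut off after 2 bytes.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
          + struct.pack("<IIII", 1700000000, 250, 4, 4) + b"\x80\x00\x00\x00"
          + struct.pack("<IIII", 1700000001, 0, 10, 10) + b"\x08\x41")

if __name__ == "__main__":
    print(parse_pcap(SAMPLE))
```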
The software for Aircrack-ng is available on the utility’s website. Go to the Aircrack-ng Download page to get the installer.
There are two versions of Aircrack-ng for Windows on this page. One of them requires the user to create a DLL to connect the Aircrack-ng software to the computer’s wireless NIC. The expectation that potential users would be prepared to take this step, or even know how to, demonstrates the exclusivity of the Aircrack-ng community. Unfortunately, the creator of this tool isn’t going to make using the utility easy.
Fortunately, the second version of Aircrack-ng for Windows doesn’t require the user to be a Computer Science graduate. This version connects to the wireless NIC through the Riverbed AirPcap driver. This is available from the Riverbed AirPcap download page if you don’t have it on your Windows device.
Users of Linux, Unix, and macOS can download the source code and compile it. If you have Kali Linux, you already have Aircrack-ng on your computer.
Aircrack-ng strengths and weaknesses
Aircrack-ng is a classic hacker tool. But, like most classics, it is old, and so much of the excitement of getting this famous hacking system for free dissipates when you find out that the designers of WiFi know all about this system and have taken steps to block it.
Strengths:
- A famous hacker tool that you can use for nothing
- Versions for Windows as well as Unix, Linux, and macOS
- Already installed in Kali Linux
- Can crack wireless network encryption
Weaknesses:
- Difficult to install
- Difficult to use
- No graphical user interface
- Excels at cracking WEP encryption, which is no longer used on wireless systems
- The WPA-TKIP utilities don’t work
Alternatives to Aircrack-ng
Aircrack-ng is an excellent tool to use on wireless networks that use the WEP protection standard. The only problem is that WEP was deprecated in 2004. There are also some routines in Aircrack-ng that operate on WPA networks, but that standard isn’t used anymore, and those utilities don’t work anyway.
So, you’re probably feeling a little deflated at this news and wish you could find a different wireless hacking tool that works. Fortunately, there are better systems out there that provide a better alternative to Aircrack-ng.
What should you look for in an alternative to Aircrack-ng?
We reviewed the market for wireless network scanners and assessed the options based on the following criteria:
- An easy to install and easy to use tool
- Preferably a graphical user interface
- Extra features, such as a signal strength display or a channel frequency tracker
- A system that can reveal the encryption standard being used on a network
- Detection for many wireless communication standards, not just WiFi
- A free tool or a free trial for a no-cost assessment
- A tool that is worth using for penetration testing, not just something flashy to show friends
With these selection criteria in mind, we have compiled a list of good wireless network sniffers that should help you spot signal footprint, strength, and traffic volumes. However, if you are looking for a system that can crack wireless network encryption keys, you will have to wait a while longer because such services haven’t been invented yet.
Here is our list of the six best alternatives to Aircrack-ng:
- Airgeddon This is close to Aircrack-ng, but it is better because the code has been maintained – the latest version was released in August 2021. This is a package of scripts that runs and links together with other tools, including some of the components of Aircrack-ng. The tools audit wireless networks and also attempt to crack passwords. It also has routines for WPA2, which is still in use. In addition, the package includes packet capture and attack strategies. It installs on Linux and is included in Kali Linux.
- Trackerjacker This tool is helpful for wireless network scanning because it can glean information about a network without your device being connected to it – most scanners require that you connect to the wireless network first. The service also includes mapping and tracking functions, and it can launch several attacks, including spoofing. Trackerjacker is free to use, and it installs on Linux and macOS.
- EAPHammer This is a toolkit of utilities that is regularly updated – the last update was made in August 2021. The package can be used to scan and attack WPA2-Enterprise wireless networks. The tools include methods to perform an evil twin attack or a karma attack. It can get you into Active Directory instances to find access credentials. It offers SSID cloaking and network spoofing utilities, which make it an excellent tool for penetration testers. The tool will install on Linux, and it is free to use.
- Wifiphisher This package of tools is adept at hijacking networks and forcing users onto a fake AP. Once on the AP that is under the control of the hacker, many attacks can be performed. This is good for snooping, credentials theft, man-in-the-middle attacks, identity theft, and many other attacks, such as Karma and Lure10. This tool is more beneficial for research and information stealing than for automated attacks. It operates on WPA and WPA2 wireless networks. This package is free to use, and it was explicitly written for Kali Linux.
- Wireshark If you just want to capture traffic for analysis, Wireshark is probably the best alternative to Aircrack-ng. It can operate on LANs, WiFi, and Bluetooth networks. However, this package doesn’t include any password cracking or attack utilities. This free tool consists of a data viewer that lets you see all of the captured packets. It can also write packets to a file in pcap format or export them to files in other formats. The system relies on pcap for the actual packet capture routine. Wireshark is available for Windows, Linux, Unix, and macOS.
- Acrylic Wifi This is a range of tools that offer sophisticated insights into your WiFi network. Modules include a WiFi Heatmap diagrammer, a WiFi Traffic Analyzer, and specialist tools, such as a Bluetooth version and an edition for use by law enforcement. This package does have some password management functions that can get you onto a network without authorization. Acrylic is free to use for private individuals, but businesses have to pay. However, the prices are meager, such as $19.95 for a one-year license of the WiFi traffic analyzer. It runs on Windows.