1Reaver(1) General Commands Manual Reaver(1)
2
6 Reaver - WPS Cracker
7
9 reaver -i <interface> -b <target bssid> -vv
10
12 Reaver implements a brute force attack against WiFi Protected Setup
13 which can crack the WPS pin of an access point in a matter of hours and
14 subsequently recover the WPA/WPA2 passphrase.
15 Specifically, Reaver targets the registrar functionality of WPS, which
17 is flawed in that it only takes 11,000 attempts to guess the correct
18 WPS pin in order to become a WPS registrar. Once registred as a regis‐
19 trar with the access point, the access point will give you the WPA
20 passphrase.
21
23 -m, --mac=<mac>
24 MAC of the host system (should be resolved automatically)
25 -e, --essid=<ssid>
27 ESSID of the target AP. Unless cloaked, this will be
28 resolved automatically.
29 -c, --channel=<channel>
31 Set the 802.11 channel for the interface (implies -f)
32 -o, --out-file=<file>
34 Send output to a log file [default: stdout]
35 -f, --fixed
37 Disable channel hopping
38 -5, --5ghz
40 Use 5GHz 802.11 channels
41 -v, --verbose
43 Display non-critical warnings (-vv for more)
44 -q, --quiet
46 Only display critical messages
47 -i, --interface=<wlan>
49 Name of the monitor-mode interface to use
50 -b, --bssid=<mac>
52 BSSID of the target AP
53 -p, --pin=<wps pin>
55 Use the specified WPS pin
56 -h, --help
58 Show help
59
61 This manual page was written by Craig Heffner <cheffner@tacnetsol.com>,
62 Tactical Network Solutions. Permission is granted to copy, dis‐
63 tribute and/or modify this document under the terms of the GNU Gen‐
64 eral Public License, Version 2 or any later version published by the
65 Free Software Foundation, the complete text of the GNU General Public
66 License can be found in /usr/share/common-licenses/GPL.
671.3 29 December, 2011 Reaver(1)