Primary Use Case

This tool is primarily used by penetration testers and red teamers to simulate denial-of-service attacks on WiFi networks by forcibly disconnecting clients. It helps security professionals assess the resilience of wireless networks against deauthentication attacks and test network monitoring and response capabilities.

Key Features

Performs deauthentication attacks on both 2.4GHz and 5GHz WiFi bands

Does not require the network password to execute attacks

Scans all WiFi channels to detect available access points

Supports targeting specific SSIDs, BSSIDs, or clients

Can send deauth packets on all channels iteratively to counter channel hopping APs

Supports automation with autostart when only one AP is found

Requires network interface with monitor mode and packet injection capabilities

Includes debug mode and options to manage NetworkManager interference

Insights & Recommendations

Requires a Linux OS and a wireless network adapter capable of monitor mode and packet injection. Running the tool may disrupt legitimate network users and should only be used in authorized testing environments. Using the --clients option is not recommended as clients may reconnect with randomized MAC addresses. NetworkManager service may interfere with the attack and can be stopped using the --kill option or manually. For full effectiveness on APs operating dual bands under the same SSID/BSSID, running two instances targeting 2.4GHz and 5GHz simultaneously is advised.

Usage

sudo wifi-deauth -i <iface>

Run the deauthentication attack on the specified network interface after installing the tool.

sudo python3 wifi_deauth.py -i <iface>

Run the tool without installing by executing the script directly after installing requirements.

sudo pip3 install -r requirements.txt

Install required Python dependencies manually when running without installation.

sudo wifi-deauth -i <iface> --deauth-all-channels

Send deauthentication packets on all allowed channels iteratively to target APs that switch channels.

sudo wifi-deauth -i <iface> --ssid <name>

Filter and attack a specific SSID by case-insensitive substring to reduce scanning time.

sudo wifi-deauth -i <iface> --bssid <addr>

Filter and attack a specific access point by its BSSID (MAC address).

sudo wifi-deauth -i <iface> --autostart

Automatically start the deauthentication loop when only one access point is found.

sudo wifi-deauth -i <iface> --channels <ch1,ch2>

Scan and attack only specified WiFi channels instead of all supported channels.

sudo wifi-deauth -i <iface> --clients <m_addr1,m_addr2>

Target deauthentication packets to specific client MAC addresses instead of broadcast.

sudo wifi-deauth -i <iface> --debug

Enable debug output for troubleshooting and detailed information.

sudo wifi-deauth -i <iface> --kill

Stop NetworkManager service to prevent interference with the attack.

sudo wifi-deauth -i <iface> --skip-monitormode

Skip automatic enabling of monitor mode if it is already enabled manually.

Smart Usage Notes

Use this tool to simulate WiFi denial-of-service attacks during red team exercises to test wireless network resilience and incident response.Combine with network monitoring tools to validate blue team detection capabilities against wireless DoS attacks.Automate channel hopping attacks using multiple interfaces to simulate advanced adversary tactics.Incorporate into purple team scenarios to improve collaboration between offensive and defensive teams on wireless threat detection and mitigation.Leverage debug and filtering options to tailor attacks for specific SSIDs or clients, enhancing precision in penetration tests.

OpenSec Atlas

wifi-deauth

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like