0.2.4 gaining attack-capabilites

I’ve decided to take Pyrit one step further and add actual “attack capabilities”. I have some difficulties with this as the actual legal situation in germany is – putting it mildly – undefined. On the other hand I’m disappointed with the state of tools that currently are available….

So here is the juicy stuff: Pyrit 0.2.4-dev rev146 adds four new commands to the commandline-client:

  • analyze’ parses a pcap-dump and shows some information about AccessPoints, Stations and the presence of WPA-PSK handshakes.
  • attack_passthrough‘ is the most basic attack mode and resembles piping PMKs to other tools like cowpatty. It takes a pcap-dump and attacks available handshakes using passwords read from a file. The database is not touched at all by this. Good for LiveCDs but you lose the advantage of having pre-computed PMKs.
  • attack_batch‘ uses passwords and PMKs stored in the database to attack the handshake. The PMKs are taken from the databased if already computed. Otherwise the passwords are translated into their respective PMKs which are stored on-the-fly for later re-use.
  • attack_db‘ uses only PMKs that are already in the database. Handy if you don’t want your box to get crushed under load.

And here is what it looks like:

pyrit -r test.pcap -e dlink attack_batch
Pyrit 0.2.4-dev (svn r146) (C) 2008, 2009 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3

Parsing file ‘test.pcap’… 426 packets (375 802.11-packets), 4 APs

Picked AccessPoint [hidden] automatically…
Attacking handshake with Station [hidden]…
Tried 3443172 PMKs so far; 675577 PMKs per second.

The password is ‘12345678’.

Notice the number of 675,577 passwords per second :-) Oh and by the way: Pyrit will from now on require scapy to be installed, so check your package manager…



  1. hei, ebfe!
    You seems to be te nemesis of WPA :-)
    Every time I see your web site, there is a new stuff added to pyrit, it seems to grow in capability and powerfull so fast!

    my greeting to your capability in write code.

  2. Hey mate…:)

    Where do you want us to post new ide’s to the pyrit projet?


  3. […] the ability parse packet-capture files and attack EAPOL-authentications on it’s own. See the recent posts or the documentation for more details. Pyrit can also use SSE2 on MacOS and SELinux-enabled […]

Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

  • RSS Unknown Feed

    • An error has occurred; the feed is probably down. Try again later.