Reaver – Wifi Protected Setup Brute force Tool

Reaver is a tool to implement brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Depending on the access point (AP) type to recover plain text, a WPA or WPA2 password on average takes a brute force method between 4-10 hours. while it may takes half of this time to guess the correct WPS pin code and recover the passphrase.

Reaver - Wifi Protected Setup  Brute force Tool
Reaver – Wifi Protected Setup Brute force Tool

The first version of reaver-wps (reaver 1.0) was created by Craig Heffner in 2011. reaver-wps-fork-t6x version 1.6.x is a community forked version which includes various bug fixes, new features and additional attack method (such as the offline Pixie Dust attack).

In case you use kali linux this is already installed. several improvements have been made with the latest release 2 days ago include:

  • improved bruteforce mode using .wpc save files.
  • automatic pixiewps pin retrieval and live injection in current session if pin is cracked before the timeout happens,
  • experimental uptime command line switch -u
  • lots of bugfixes and improvements

More information about the Pixie Dust attack (including which APs are vulnerable) can be found in pixiewps repository, pixie dust thread (in Kali forum) & Dominique Bongard’s full disclosure

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments