Aircrack-ng: Crack Any WiFi Password

Tool Tutorials, Feb 22, 2026

Introduction

WiFi is everywhere — homes, offices, coffee shops, airports, hospitals. Most people trust it without a second thought. They set a password and assume their network is secure. Aircrack-ng exists to test that assumption, and more often than not, it proves them wrong.

Aircrack-ng is an open-source suite of tools for assessing WiFi network security. It's been the standard wireless auditing toolkit since its first release in 2006, and it can monitor, attack, test, and crack WiFi networks. It runs on Linux, Windows, macOS, and even some embedded systems.

How It Works

The Aircrack-ng suite includes several tools that work together. airmon-ng puts your wireless adapter into monitor mode, allowing it to capture all WiFi traffic in range — not just traffic from networks you're connected to. airodump-ng captures raw 802.11 frames and displays information about nearby access points and clients: SSIDs, BSSIDs, signal strength, channel, encryption type, and connected devices.

The core attack against WPA/WPA2 networks involves capturing a four-way handshake — the authentication exchange that occurs when a device connects to a WiFi network. You can wait for a client to connect naturally, or use aireplay-ng to send deauthentication frames that force a client to disconnect and reconnect, generating a fresh handshake.

Once you have the handshake, aircrack-ng performs an offline dictionary attack, testing passwords from a wordlist against the captured handshake. With a good wordlist and GPU acceleration (using tools like hashcat for the actual cracking), common passwords can be cracked in seconds to minutes. WPA/WPA2 keys are derived from the passphrase using PBKDF2 with 4,096 iterations, which makes brute-force attacks slower — but dictionary attacks against weak passwords remain highly effective.

Why It Matters

WiFi security auditing reveals how vulnerable most wireless networks really are. Default passwords, dictionary words, short passphrases, and reused credentials make the majority of WPA2 networks crackable with a moderate wordlist. The WiFi Pineapple and similar tools demonstrate how easy it is to set up rogue access points that mimic legitimate networks.

For organizations, wireless security assessment is a critical component of penetration testing. Rogue access points, weak passwords, and misconfigured networks are common findings that can give attackers a foothold inside the network perimeter.

Key Takeaways

To use Aircrack-ng effectively, you need a wireless adapter that supports monitor mode and packet injection. Popular choices include adapters based on the Atheros AR9271 and Realtek RTL8812AU chipsets. Kali Linux includes Aircrack-ng by default with drivers for most compatible adapters.

The basic workflow: enable monitor mode (airmon-ng start wlan0), scan for networks (airodump-ng wlan0mon), focus on a target (airodump-ng -c [channel] --bssid [AP MAC] -w capture wlan0mon), send deauth frames if needed (aireplay-ng -0 5 -a [AP MAC] wlan0mon), and crack the captured handshake (aircrack-ng -w wordlist.txt capture-01.cap).

To protect your own network: use WPA3 if your devices support it, choose a passphrase of at least 16 characters that's not based on dictionary words, disable WPS, hide your SSID if possible, and regularly check for unauthorized devices on your network.
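
The passphrase advice above and the PBKDF2 cost described under How It Works can be checked against your own network with a short script. This is an added example, not code from the original article or from the Aircrack-ng project; the function names, the substring heuristic for "based on dictionary words", the sample wordlist and the SSID HomeNet are assumptions made for illustration.

```python
import hashlib
import time

MIN_LEN = 16           # the article's recommended minimum length
PBKDF2_ROUNDS = 4096   # iteration count used by WPA/WPA2-Personal

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 256-bit key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ROUNDS, 32)

def audit_passphrase(passphrase: str, wordlist: list[str]) -> list[str]:
    """Return a list of findings; an empty list means the passphrase passed."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("outside the 8-63 character range WPA2 accepts")
    if len(passphrase) < MIN_LEN:
        findings.append(f"shorter than {MIN_LEN} characters")
    lowered = passphrase.lower()
    # Assumption: words under 4 letters are ignored to limit false positives.
    words = {w.strip().lower() for w in wordlist if len(w.strip()) >= 4}
    if lowered in words:
        findings.append("appears verbatim in the wordlist")
    else:
        hits = sorted(w for w in words if w in lowered)
        if hits:
            findings.append("built on dictionary word(s): " + ", ".join(hits))
    return findings

def seconds_to_exhaust(wordlist_size: int, ssid: str, samples: int = 5) -> float:
    """Time a few derivations on this CPU and scale the cost to a whole wordlist.
    This is an upper bound: GPU rigs are orders of magnitude faster."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"sample-{i:08d}", ssid)
    per_guess = (time.perf_counter() - start) / samples
    return per_guess * wordlist_size

if __name__ == "__main__":
    sample_words = ["password", "sunshine", "dragon", "letmein"]  # constructed sample
    for candidate in ["sunshine", "Dragon2024!", "q7#Lm2vX9pTz4wRk8sYd"]:
        print(candidate, "->", audit_passphrase(candidate, sample_words) or "ok")
    est = seconds_to_exhaust(10_000_000, "HomeNet")
    print(f"CPU-only time to test 10M guesses against HomeNet: {est:.0f} s")
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, but a passphrase that appears in a wordlist is still found on the first matching guess.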

The Bigger Picture

Aircrack-ng demonstrates a fundamental tension in wireless security: the convenience of WiFi versus the difficulty of securing radio transmissions that anyone within range can intercept. WPA3 improves the situation with Simultaneous Authentication of Equals (SAE), which resists offline dictionary attacks. But WPA2 remains dominant on the vast majority of networks worldwide, and weak passwords remain the norm. Until that changes, tools like Aircrack-ng will keep proving that the WiFi password you chose in 30 seconds can be cracked in even less time.
