Airgeddon Cheat Sheet
airgeddon is an interactive Bash framework that automates many Wi‑Fi auditing attacks, including WPA/WPA2 handshakes, Evil Twin, WPS attacks, and captive portals. It integrates tools like aircrack-ng, reaver, bettercap, and more.
Start Airgeddon
airgeddon
Runs an interactive menu-driven interface.
Note
Run as root and ensure a compatible wireless card.
Initial Setup
During startup, airgeddon will: - Detect wireless interfaces - Check monitor mode support - Verify required dependencies - Offer to install missing tools
Enable Monitor Mode
Airgeddon can manage monitor mode automatically, or you can pre-enable:
airmon-ng start wlan0
Target Selection
From the menu: - Scan nearby APs - Select target ESSID/BSSID - Lock channel automatically
WPA/WPA2 Attacks
Handshake Capture
- Deauthentication-based capture
- Passive capture
- Clientless PMKID (if supported)
Offline Cracking
- Wordlist-based cracking
- Export handshakes for Hashcat
Evil Twin Attacks
Airgeddon supports: - Open Evil Twin - WPA Evil Twin - Captive Portal attacks - DNS spoofing
Danger
Evil Twin attacks are for authorized testing only.
WPS Attacks
If WPS is enabled:
- Pixie Dust attack
- PIN brute force
- Integration with reaver and bully
Captive Portal Options
- Credential harvesting
- Fake login pages
- DNS redirection
- HTTPS downgrade (when possible)
Menu Highlights
- Interface & driver management
- Handshake validation
- Attack method selection
- Cleanup & restore network state
Typical Workflow
airgeddon
# Select interface
# Enable monitor mode
# Scan targets
# Choose attack
# Capture credentials / handshake
Cleanup & Restore
Airgeddon automatically: - Restores NetworkManager - Disables monitor mode - Resets iptables rules
Manual restore (if needed):
service NetworkManager restart
airmon-ng stop wlan0mon
Troubleshooting
No compatible interface
- Ensure chipset supports monitor mode
- Update drivers / firmware
Handshake invalid
- Capture again
- Ensure client activity
Related Tools
aircrack-ngreaverbettercapdnsmasqhostapd
Use Cases
- Wi‑Fi security auditing
- Red team wireless assessments
- Training labs
- Automated attack workflows
Legal Notice
Danger
Use airgeddon only on networks you own or have permission to test.