Skip to content

Airgeddon Cheat Sheet

airgeddon is an interactive Bash framework that automates many Wi‑Fi auditing attacks, including WPA/WPA2 handshakes, Evil Twin, WPS attacks, and captive portals. It integrates tools like aircrack-ng, reaver, bettercap, and more.


Start Airgeddon

airgeddon

Runs an interactive menu-driven interface.

Note

Run as root and ensure a compatible wireless card.


Initial Setup

During startup, airgeddon will: - Detect wireless interfaces - Check monitor mode support - Verify required dependencies - Offer to install missing tools


Enable Monitor Mode

Airgeddon can manage monitor mode automatically, or you can pre-enable:

airmon-ng start wlan0

Target Selection

From the menu: - Scan nearby APs - Select target ESSID/BSSID - Lock channel automatically


WPA/WPA2 Attacks

Handshake Capture

  • Deauthentication-based capture
  • Passive capture
  • Clientless PMKID (if supported)

Offline Cracking

  • Wordlist-based cracking
  • Export handshakes for Hashcat

Evil Twin Attacks

Airgeddon supports: - Open Evil Twin - WPA Evil Twin - Captive Portal attacks - DNS spoofing

Danger

Evil Twin attacks are for authorized testing only.


WPS Attacks

If WPS is enabled: - Pixie Dust attack - PIN brute force - Integration with reaver and bully


Captive Portal Options

  • Credential harvesting
  • Fake login pages
  • DNS redirection
  • HTTPS downgrade (when possible)

  • Interface & driver management
  • Handshake validation
  • Attack method selection
  • Cleanup & restore network state

Typical Workflow

airgeddon
# Select interface
# Enable monitor mode
# Scan targets
# Choose attack
# Capture credentials / handshake

Cleanup & Restore

Airgeddon automatically: - Restores NetworkManager - Disables monitor mode - Resets iptables rules

Manual restore (if needed):

service NetworkManager restart
airmon-ng stop wlan0mon


Troubleshooting

No compatible interface
  • Ensure chipset supports monitor mode
  • Update drivers / firmware
Handshake invalid
  • Capture again
  • Ensure client activity

  • aircrack-ng
  • reaver
  • bettercap
  • dnsmasq
  • hostapd

Use Cases

  • Wi‑Fi security auditing
  • Red team wireless assessments
  • Training labs
  • Automated attack workflows

Danger

Use airgeddon only on networks you own or have permission to test.