@@ -19,8 +19,10 @@ Wifite is designed to use all known methods for retrieving the password of a wir
1919 WPS: The [ Offline NULL PIN attack] ( https://github.com/t6x/reaver-wps-fork-t6x/wiki/Introducing-a-new-way-to-crack-WPS:-Option--p-with-an-Arbitrary-String )
20202 . WPA: The [ WPA Handshake Capture] ( https://hashcat.net/forum/thread-7717.html ) + offline crack.
21213 . WPA: The [ PMKID Hash Capture] ( https://hashcat.net/forum/thread-7717.html ) + offline crack.
22- 4 . WEP: Various known attacks against WEP, including * fragmentation* , * chop-chop* , * aireplay* , etc.
23- 5 . WIFI Signal jammer, block specific accesspoints or multiple.
22+ 4 . WPA3: The [ SAE Handshake Capture] ( https://hashcat.net/forum/thread-7717.html ) + offline crack.
23+ 5 . WPA3: Transition mode downgrade attacks (force WPA2 on mixed networks).
24+ 6 . WEP: Various known attacks against WEP, including * fragmentation* , * chop-chop* , * aireplay* , etc.
25+ 7 . WIFI Signal jammer, block specific accesspoints or multiple.
2426 signal jamming only works for specific Atheros WiFi chipsets.
2527
2628Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.
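Review bot: The new WPA3 entry at new line 22 ("SAE Handshake Capture") links to the same hashcat forum thread (thread-7717) that the WPA Handshake and PMKID entries above it already use, so the README cites no source specific to SAE. Point the link at documentation that actually covers SAE capture, or drop the link until one exists. The transition-mode entry at new line 23 has no reference at all; a short pointer to the section that explains it would help readers check the claim.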
@@ -81,9 +83,10 @@ Second, only the latest versions of these programs are supported and must be ins
8183 * Bully is also used to fetch PSK if ` reaver ` cannot after cracking WPS PIN.
8284* [ ` john ` ] ( https://www.openwall.com/john ) : For CPU (OpenCL)/GPU cracking passwords fast.
8385* [ ` coWPAtty ` ] ( https://tools.kali.org/wireless-attacks/cowpatty ) : For detecting handshake captures.
84- * [ ` hashcat ` ] ( https://hashcat.net/ ) : For cracking PMKID hashes.
85- * [ ` hcxdumptool ` ] ( https://github.com/ZerBea/hcxdumptool ) : For capturing PMKID hashes.
86- * [ ` hcxpcapngtool ` ] ( https://github.com/ZerBea/hcxtools ) : For converting PMKID packet captures into ` hashcat ` 's format.
86+ * [ ` hashcat ` ] ( https://hashcat.net/ ) : For cracking PMKID hashes and WPA3-SAE hashes.
87+ * [ ` hcxdumptool ` ] ( https://github.com/ZerBea/hcxdumptool ) : For capturing PMKID hashes and WPA3-SAE handshakes.
88+ * [ ` hcxpcapngtool ` ] ( https://github.com/ZerBea/hcxtools ) : For converting PMKID and SAE packet captures into ` hashcat ` 's format.
89+ * ** Note:** For WPA3 support, you need ` hcxdumptool ` v6.0.0+ and ` hashcat ` v6.0.0+ with mode 22000 support.
8790* [ ` macchanger ` ] ( https://github.com/alobbs/macchanger ) : For randomizing MAC addresses to avoid detection and improve anonymity.
8891* [ ` pixiewps ` ] ( https://github.com/wiire-a/pixiewps ) : For WPS Pixie-Dust attacks (alternative implementation).
8992
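Review bot: The note at new line 89 ties WPA3 support to hashcat "mode 22000" but gives no reference showing that this mode accepts SAE captures, and the three tool descriptions above it repeat the claim. Link the hashcat and hcxtools documentation that states it. The note also gives minimum versions for `hcxdumptool` and `hashcat` only, while new line 88 says `hcxpcapngtool` does the SAE conversion; state its minimum version here too. As a style point, the note is formatted as a list item, so it renders as one more tool entry; indent it under the three tools it applies to or move it below the list.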
@@ -162,6 +165,10 @@ Features
162165* ** WPA/WPA2 Handshake Capture** - Traditional 4-way handshake attack (enabled by default, force with: ` --no-wps ` )
163166* ** WEP Attacks** - Multiple methods: replay, chopchop, fragment, hirte, p0841, caffe-latte
164167* ** WPA3-SAE Support** - Modern WPA3 hash capture and cracking
168+ * ** Transition Mode Downgrade** - Force WPA2 on mixed WPA2/WPA3 networks (highest success rate)
169+ * ** SAE Handshake Capture** - Capture WPA3-SAE authentication for offline cracking
170+ * ** PMF Handling** - Automatic detection and handling of Protected Management Frames
171+ * ** Dragonblood Detection** - Identify networks vulnerable to known WPA3 exploits
165172
166173### Smart Features
167174* ** Automatic Target Detection** - Scans and identifies vulnerable networks
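Review bot: The four bullets added at new lines 168-171 sit at the same level as the existing "WPA3-SAE Support" bullet at line 167 and overlap with it ("SAE Handshake Capture" restates "Modern WPA3 hash capture and cracking"). Nest them under that bullet or replace it, so the feature list does not describe WPA3 support twice. "(highest success rate)" at new line 168 is unquantified and unsupported in this hunk; either remove it or reference where the figure is derived. "Dragonblood Detection" at new line 171 should say what is checked, since "known WPA3 exploits" does not tell the reader which issues are covered.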
@@ -186,9 +193,192 @@ Features
186193* ** Flexible Targeting** - Target specific networks by BSSID, ESSID, or channel
187194* ** Verbose Logging** - Detailed output for learning and debugging (` -v ` , ` -vv ` , ` -vvv ` )
188195* ** Automation Support** - Scriptable with various timeout and retry options
196+ * ** Session Resume** - Continue interrupted attacks from where you left off
197+ * Automatically saves progress during attacks
198+ * Resume after Ctrl+C, crashes, or power loss
199+ * Multiple session management with selection interface
200+ * Automatic cleanup of old sessions (7+ days)
189201
190202** 💡 TIP:** Use ` wifite -h -v ` to see all available options and advanced settings!
191203
204+ ### WPA3 Attack Support
205+
206+ Wifite now includes comprehensive WPA3-SAE attack capabilities with automatic detection and intelligent strategy selection.
207+
208+ #### WPA3 Attack Strategies
209+
210+ Wifite automatically selects the best attack strategy based on the target network:
211+
212+ 1 . ** Transition Mode Downgrade (80-90% success rate)**
213+ - Automatically detects WPA2/WPA3 mixed networks
214+ - Forces clients to connect using WPA2 instead of WPA3
215+ - Captures standard WPA2 handshake for cracking
216+ - Fastest and most reliable method for transition mode networks
217+
218+ 2 . ** SAE Handshake Capture (60-70% success rate)**
219+ - Captures WPA3-SAE authentication handshakes
220+ - Converts to hashcat format (mode 22000) for offline cracking
221+ - Works on pure WPA3 networks
222+ - Requires GPU for efficient cracking
223+
224+ 3 . ** Passive Capture (50-60% success rate)**
225+ - Used when PMF (Protected Management Frames) is required
226+ - Waits for natural client reconnections
227+ - No deauthentication attacks possible
228+ - Slower but works on PMF-protected networks
229+
230+ 4 . ** Dragonblood Exploitation (40-50% on vulnerable APs)**
231+ - Detects known WPA3 vulnerabilities (CVE-2019 -13377, etc.)
232+ - Attempts timing-based attacks on vulnerable implementations
233+ - Automatically used when vulnerabilities detected
234+
235+ #### Basic WPA3 Usage
236+
237+ ``` bash
238+ # Attack all networks including WPA3 (automatic detection)
239+ sudo wifite
240+
241+ # Target only WPA3 networks
242+ sudo wifite --wpa3-only
243+
244+ # Force SAE capture (skip downgrade attempts on transition mode)
245+ sudo wifite --force-sae
246+
247+ # Disable downgrade attacks (pure SAE only)
248+ sudo wifite --no-downgrade
249+
250+ # Check for Dragonblood vulnerabilities without attacking
251+ sudo wifite --check-dragonblood
252+ ```
253+
254+ #### WPA3 Tool Requirements
255+
256+ For WPA3 support, you need these tools with minimum versions:
257+
258+ * ** hcxdumptool v6.0.0+** - For capturing SAE handshakes
259+ * ** hcxpcapngtool v6.0.0+** - For converting SAE captures to hashcat format
260+ * ** hashcat v6.0.0+** - For cracking SAE hashes (mode 22000)
261+
262+ Install on Kali Linux:
263+ ``` bash
264+ sudo apt update
265+ sudo apt install hcxdumptool hcxtools hashcat
266+ ```
267+
268+ ** 📖 For detailed installation instructions, version requirements, and troubleshooting, see [ WPA3 Tool Requirements Guide] ( docs/WPA3_TOOL_REQUIREMENTS.md ) **
269+
270+ #### Understanding WPA3 Network Types
271+
272+ * ** WPA3-only** - Pure WPA3 networks (requires SAE capture)
273+ * ** WPA3-Transition** - Mixed WPA2/WPA3 (downgrade attack possible)
274+ * ** PMF Required** - Protected Management Frames enabled (no deauth possible)
275+ * ** PMF Optional** - PMF supported but not required (deauth works)
276+
277+ Wifite automatically detects these configurations and selects the optimal attack strategy.
278+
279+ #### WPA3 Attack Examples
280+
281+ ``` bash
282+ # Attack a specific WPA3 network by BSSID
283+ sudo wifite -b AA:BB:CC:DD:EE:FF
284+
285+ # Attack WPA3 with custom timeout (default: 300 seconds)
286+ sudo wifite --wpa3-timeout 600
287+
288+ # Crack captured WPA3 handshake with wordlist
289+ sudo wifite --crack --dict /path/to/wordlist.txt
290+
291+ # Verbose mode to see WPA3 detection and strategy selection
292+ sudo wifite -vv
293+ ```
294+
295+ #### WPA3 Troubleshooting
296+
297+ ** No WPA3 networks detected:**
298+ - Ensure your wireless adapter supports monitor mode on 5GHz (many WPA3 networks use 5GHz)
299+ - Use ` -5 ` flag to scan 5GHz channels
300+ - Verify hcxdumptool is installed and up-to-date
301+
302+ ** PMF prevents deauthentication:**
303+ - This is expected behavior on WPA3 networks with PMF required
304+ - Wifite automatically switches to passive capture mode
305+ - Wait for natural client reconnections (may take longer)
306+
307+ ** SAE handshake capture fails:**
308+ - Ensure hcxdumptool v6.0.0+ is installed
309+ - Check that clients are actively connecting to the network
310+ - Try increasing timeout with ` --wpa3-timeout `
311+
312+ ** Hashcat cracking is slow:**
313+ - WPA3-SAE cracking is computationally intensive
314+ - Use GPU acceleration (CUDA/OpenCL) for best performance
315+ - Consider using cloud-based cracking services for large wordlists
316+
317+ ### Resume Feature
318+
319+ Wifite automatically saves your attack progress and allows you to resume interrupted sessions:
320+
321+ #### Basic Usage
322+ ``` bash
323+ # Start an attack (progress is automatically saved)
324+ sudo wifite
325+
326+ # If interrupted (Ctrl+C, crash, power loss), resume with:
327+ sudo wifite --resume
328+
329+ # Resume the most recent session automatically:
330+ sudo wifite --resume-latest
331+
332+ # Resume a specific session by ID:
333+ sudo wifite --resume-id session_20250126_120000
334+ ```
335+
336+ #### How It Works
337+ * ** Automatic Saving** - Progress is saved after each target completion
338+ * ** Session Files** - Stored in ` ~/.wifite/sessions/ ` with secure permissions (600)
339+ * ** Smart Filtering** - Automatically skips completed and failed targets
340+ * ** Configuration Restore** - Preserves original attack parameters and settings
341+ * ** Multiple Sessions** - Manage multiple interrupted sessions with selection interface
342+
343+ #### Session Management
344+ ``` bash
345+ # List and choose from available sessions
346+ sudo wifite --resume
347+
348+ # Clean up old session files (older than 7 days)
349+ sudo wifite --clean-sessions
350+ ```
351+
352+ #### What's Saved
353+ * Target list and attack progress
354+ * Completed and failed targets
355+ * Attack configuration (wordlist, timeouts, attack types)
356+ * Original interface and settings
357+
358+ #### What's NOT Saved (for security)
359+ * Captured passwords or keys
360+ * Handshake files
361+ * PMKID hashes
362+
363+ #### Troubleshooting
364+
365+ ** Q: No session files found**
366+ * Start a new attack first - sessions are created after target selection
367+ * Check ` ~/.wifite/sessions/ ` directory exists and has proper permissions
368+
369+ ** Q: Corrupted session file**
370+ * Wifite will detect and offer to delete corrupted files
371+ * Use ` --clean-sessions ` to manually remove problematic sessions
372+
373+ ** Q: Interface changed**
374+ * Wifite will detect if the original interface is unavailable
375+ * You'll be prompted to use the current interface instead
376+
377+ ** Q: Session not resuming correctly**
378+ * Ensure you're using the same version of wifite
379+ * Check that all required tools are still installed
380+ * Use ` --resume ` to see session details before confirming
381+
192382Performance Tips
193383-----------------
194384
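Review bot: The success rates in the "WPA3 Attack Strategies" headings (new lines 212, 218, 224, 230: "80-90%", "60-70%", "50-60%", "40-50%") are given with no source, sample size or test conditions; cite how they were measured or remove them, since readers will treat them as measured results. At new line 231, "CVE-2019 -13377, etc." contains a stray space and leaves the set of checks open ended; list the exact CVE identifiers that `--check-dragonblood` tests for. In the Resume section, new line 338 stores sessions in `~/.wifite/sessions/` with mode 600 while every example runs under `sudo`; document which user's home directory that resolves to and who owns the files. "What's NOT Saved" (new lines 359-361) names handshake files and PMKID hashes but not the SAE captures this same change introduces; state explicitly whether they are excluded as well. `--resume` is also documented twice (new lines 327 and 346) with different descriptions; merge them.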
@@ -202,6 +392,8 @@ Performance Tips
202392* ** PMKID first** - Try ` --pmkid-only ` for fastest WPA/WPA2 attacks (no clients needed)
203393* ** Skip WPS on modern routers** - Use ` --no-wps ` on newer routers that likely have WPS disabled
204394* ** Use wordlists efficiently** - Start with common passwords, use ` --dict <wordlist> `
395+ * ** WPA3 transition mode** - Downgrade attacks are faster than pure SAE capture
396+ * ** Target WPA2 first** - WPA2 is faster to crack than WPA3-SAE
205397
206398### Resource Management
207399* ** Monitor system resources** - Watch CPU and memory usage during long scans
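Review bot: The two tips added at new lines 395-396 name no option, unlike the existing tips above them, which each point to a flag (`--pmkid-only`, `--no-wps`, `--dict`). Say which setting each tip corresponds to, for example whether downgrade is already the default on transition-mode networks and how it relates to `--force-sae` and `--no-downgrade` documented elsewhere in this change. "Faster" is also used in two senses here (capture time at line 395, cracking time at line 396); make that explicit.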
@@ -254,6 +446,19 @@ Troubleshooting
254446- Use ` --deauth-count ` to increase deauth attempts
255447- Some networks may require longer capture times
256448
449+ ** WPA3 attack issues:**
450+ - Verify hcxdumptool v6.0.0+ and hashcat v6.0.0+ are installed
451+ - Check if PMF is preventing deauth attacks (wifite will notify you)
452+ - For transition mode networks, downgrade attacks have highest success rate
453+ - SAE handshake capture requires active client connections
454+ - Use ` -vv ` to see detailed WPA3 detection and strategy information
455+
456+ ** WPA3 cracking performance:**
457+ - WPA3-SAE is significantly slower to crack than WPA2
458+ - GPU acceleration is highly recommended (10-100x faster)
459+ - Ensure hashcat is using your GPU: ` hashcat -I ` to list devices
460+ - Consider starting with smaller, targeted wordlists
461+
257462### Getting Help
258463
2594641 . ** Enable verbose mode:** Use ` -v ` , ` -vv ` , or ` -vvv ` to see detailed command output
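Review bot: The "WPA3 attack issues" and "WPA3 cracking performance" blocks at new lines 449-460 repeat the "WPA3 Troubleshooting" subsection this same change adds to the Features section, including the v6.0.0+ version requirements, so the README now has several copies to keep in sync. Keep one copy and link to it from the other location. The "10-100x faster" figure at new line 458 has no source or hardware baseline; cite a benchmark or replace it with a qualitative statement.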