Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
Required Arguments:
-i, --interface=<wlan> Name of the monitor-mode interface to use
    The wireless card's monitor-mode interface, usually mon0
-b, --bssid=<mac> BSSID of the target AP
    The AP's MAC address

Optional Arguments:
-m, --mac=<mac> MAC of the host system
    Specifies the local machine's MAC address; needed when the AP uses MAC filtering
-e, --essid=<ssid> ESSID of the target AP
    The router's ESSID; usually does not need to be specified
-c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
    The signal's channel; if not specified, channels are scanned automatically
-o, --out-file=<file> Send output to a log file [stdout]
    Send standard output to a file
-s, --session=<file> Restore a previous session file
    Restore a session file
-C, --exec=<command> Execute the supplied command upon successful pin recovery
    Execute a command after the PIN is recovered successfully
-D, --daemonize Daemonize reaver
    Run reaver as a daemon
-a, --auto Auto detect the best advanced options for the target AP
    Automatically detect advanced parameters for the target AP
-f, --fixed Disable channel hopping
    Disable channel hopping
-5, --5ghz Use 5GHz 802.11 channels
    Use 5GHz channels
-v, --verbose Display non-critical warnings (-vv for more)
    Display non-critical warnings; -vv displays more
-q, --quiet Only display critical messages
    Display only critical messages
-h, --help Show help
    Show help

Advanced Options:
-p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
    Reads the PSK directly (this did not work in my own testing; I suggest using the software bundled with the wireless card to obtain it)
-d, --delay=<seconds> Set the delay between pin attempts [1]
    Delay between PIN attempts; default 1 second, 0 recommended
-l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
    Time to wait after the AP locks WPS
-g, --max-attempts=<num> Quit after num pin attempts
    Maximum number of PIN attempts
-x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
    Time to wait after 10 unexpected failures; default 0 seconds
-r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
    Wait y seconds after every x PIN attempts
-t, --timeout=<seconds> Set the receive timeout period [5]
    Receive timeout; default 5 seconds
-T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
    M5/M7 timeout; default 0.2 seconds
-A, --no-associate Do not associate with the AP (association must be done by another application)
    Do not associate with the AP (association must be done by another program)
-N, --no-nacks Do not send NACK messages when out of order packets are received
    Do not send NACK messages (if the PIN attempts keep stalling, try this option)
-S, --dh-small Use small DH keys to improve crack speed
    Use small DH keys to improve speed (recommended)
-L, --ignore-locks Ignore locked state reported by the target AP
    Ignore the locked state reported by the target AP
-E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
    Terminate the WPS session whenever an EAP FAIL packet is received
-n, --nack Target AP always sends a NACK [Auto]
    Always send NACK to the target AP; default auto
-w, --win7 Mimic a Windows 7 registrar [False]
    Mimic a Windows 7 registrar; off by default

------ Personal notes ------
When you first start PIN attempts against an AP, turn on the -vv option; if it goes smoothly, interrupt it and continue with -v instead, since the progress can be saved anyway
reaver -i mon0 -b xx:xx:xx:xx:xx:xx -d 0 -vv -a -S

If the PIN attempts keep stalling, try adding the -N option
reaver -i mon0 -b xx:xx:xx:xx:xx:xx -d 0 -vv -a -S –