Automated Pixie Dust Attack: receiving WPS PINs and Wi-Fi passwords without input any commands

I have already said about WiFi-autopwner script. Lately it was enhanced much in the Pixie Dust attack, now it is much more intelligent.

Pixie Dust Attack allows revealing WPS PIN quickly for some WPS enabled access points.

Currently, the WiFi-autopwner script allows you to perform an automated and intelligent Pixie Dust attack against all access points within range. Thanks to automation, the attacker does not need any action: just start the program and wait for the results.

Intelligence WiFi-autopwner is that:

  • from all access points in the accessibility range are selected only WPS enabled;
  • if WPS is enabled, but locked, such an access point is also skipped;
  • support for a black list and a list of hacked access points so that you do not waste time on them again;
  • in case of disclosing the PIN, an attempt is made to obtain a password from the Wi-Fi network, and a rather unusual but reliable technique is used;
  • all the described operations are performed completely automatically.

In my conditions - up to 15 available APs with WPS, in one run of the program in a fairly short time it is possible to get 2-4 WPA passwords!

Let's start with the installation of the script:

git clone
cd WiFi-autopwner/

Run the script:

sudo bash

We are greeted by the menu:

If you have more than one wireless interface, then press the number "1" and select the one you want to use. If you have only one Wi-Fi adapter, it will be automatically selected. I have the following records about this:

There is one wireless interface on your system. Automatically Selected
Selected wireless interface wlan0. Mode: managed

Now we need to set the wireless interface to monitor mode, for this select the third menu item.

Now the interface is in monitor mode, so we are completely ready to launch attacks.

Choose the seventh menu item and … just wait.

Next, completely on autopilot the program will find access points with WPS, and will Pixie Dust them all.

If the attack fails (no PIN found), the script simply proceeds to the next access point.

If a PIN is found,

the program writes it to the main window and immediately tries to get the WPA password:

At the first start the program creates empty text files cracked.txt and blacklist.txt, in which you can write down the names of access points that you need to skip when auditing wireless networks.

An example of a launch when 4 PINs and 4 Wi-Fi passwords were received for out of 31 WPS networks:

By the way, if you know the PIN, then you should to keep in you mind, the program has a mode (the eighth item in the menu) of getting the Wi-Fi password from the known WPS PIN - try it, there is a great chance that the password will be opened too.

Last Updated on

Recommended for you:

5 Comments to Automated Pixie Dust Attack: receiving WPS PINs and Wi-Fi passwords without input any commands

  1. Geddon says:

    Great, way more convincing than tinkering around with handshakes and dictionaries!!

  2. argg says:

    unfortunatelly with all APs I try a wps attack the attac does not advance, repeating the following log

    I guess most if not all routers nowdays are attack-proof making this method obsolete. 

    Using Alfa AWUS036NHA wifi card. If anyone else has positive results using this script I would really like to know 

Leave a Reply

Your email address will not be published.