Zydra is a password recovery tool that can recover passwords from files and Linux shadow files using brute-force or dictionary attack. That means, it can crack passwords of ZIP, RAR and PDF files. Also it can recover passwords of Linux systems using the shadow file (shadow file stores user passwords in Linux system).

In this detailed article we will learn how we can use Zydra on our Kali Linux system.

Key Features of Zydra 

Zydra’s main features are following:

• The most important features of Zydra is the multiprocessing feature that speeds up the program. For example if we have 8 CPU cores, Zydra will use all of them for processing at the same time.
• It can be use against Legacy ZIP files, RAR files, PDF files and shadow files.
• Cracking files password using two methods dictionary method and brute force method.
• In the brute force method, we can specify the min length and max length of the passwords, also we can specify the type of characters that may be used in the password.
• A percent progress bar showing how much of the process has been performed.
• Error handling.

Installing Zydra on Kali Linux

We can found Zydra on it’s GitHub repository but before that we will install some dependencies to work Zydra perfectly.

First of all we update our system by using following command:

sudo apt-get update

Then we download some dependencies by using following command:

sudo apt-get install qpdf unrar

The above command will install qpdf and unrar on our system as we can see in the following screenshot:

Then we need to install some Python3 modules using pip.

pip3 install rarfile pyfiglet py-term

These will be installed on our system after using above command as we can see it.

Now we just need to download figlet font “epic” for Zydra by using following command:

sudo wget http://www.figlet.org/fonts/epic.flf -O /usr/share/figlet/epic.flf

Now it’s time to download the Zydra from GitHub. Either we can clone the whole repository or we can just download the Python script. Let we download just the Python script by using following command:

wget -O zydra.py https://raw.githubusercontent.com/hamedA2/Zydra/master/Zydra.py

The python script will be saved our current working directory by the name of zydra.py.

Now we can run the script. First of all we check the help option by applying following command:

python3 zydra.py --help

We can see the help menu of Zydra in the following screenshot:

Either we can read the boring help section of Zydra or continue reading out guide to know the important uses of this tool.

How to Crack ZIP files password on Kali Linux

Here we have a ZIP file on our Desktop which is protected by a password. We can see that it prompt for password on the following screenshot:

Now we try to brake the password with dictionary attack. To perform this we need a password list. We will use the 10k-most-common.txt (password list). It comes with our Kali Linux (/usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt), which contains 10,000 most commonly used passwords.

So we open our terminal and our command will be following:

python3 zydra.py -f /home/kali/Desktop/images.zip -d /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

Here we have used the -f flag to specify the location of the ZIP file (in our case which is /home/kali/Desktop/images.zip) and using the -d flag we have specify the location of the dictionary (password list). Output shown in the following screenshot:

On the above screenshot we can see that we have successfully cracked the password of the ZIP file using Zydra.

This is how we can use the dictionary attack we also can try without password list. In that case we need to use brute-force attack and we need to specify the type of characters that may be used in the password.

python3 zydra.py -f /home/kali/Desktop/images.zip -b digits,symbols -m 4 -x 6

Here we have choose -b flag for brute force attack and specified our password (mixing digits and symbols), then we use -m flag for minimum length of our password (we choose 4) and -x for maximum length of our password (we choose 6).

On the above screenshot we can see that Zydra has created a count of possible password list which is very big (5622834672 passwords). Which will take a lot of time. Also may gives error (but the scan continues).

Note: Zydra can recover legacy ZIP files password (The standard one). We have created a ZIP file on Linux system (using Archive Manager) Zydra can’t break it. But ZIP files created from Windows and internet works perfectly.

How to crack RAR files password using Zydra

Cracking a RAR file’s password is very similar to cracking ZIP file’s password on Zydra. To do it we need to run following command on our terminal:

python3 zydra.py -f /home/kali/Desktop/images.rar -d /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

Then Zydra will start scanning the process. Here we have again choose 10k-most-common.txt password list inside our /usr/share/seclists/Passwords directory which is specified by -d flag and our target RAR file is specified by -f flag located on our Desktop.

After waiting very few moments we got our password, as we can see in the screenshot:

Now we can see on the above screenshot that we have successfully recovered the password of the RAR file.

We also can use bruteforce attack to recover the password. To do that we need to use -b flag in the place of -d flag and we should specify the type of password and length as we did on ZIP files section, an example command is following:

python3 zydra.py -f /home/kali/Downloads/file.rar -b digits,symbols -m 4 -x 6

This is how we can Crack RAR file’s password on our Kali Linux system.

How to Break or Crack Password of PDF file

Cracking PDF file’s password is also very similar as ZIP and RAR. We just need to use Zydra and tell Zydra the location of PDF file and the location of password list.

Here we have an example PDF file on our Desktop, which is locked. As we can see in the following screenshot:

Locked PDF file on Desktop

Now we run Zydra and try to break the password of this PDF file by using following command:

python3 zydra.py -f /home/kali/Desktop/test.pdf -d /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

Here we have used -f flag to specify our PDF file location and we used -d to specify location of our passsword list. The output of the command shows in the following screenshot:

We can see that Zydra just not cracked the password it is also create a decrypted PDF file for us.

This is how we can crack the password of a PDF file using Zydra on our Kali Linux system.

Recover Linux passwords from shadow file

Linux’s users password stored (encrypted) on the shadow file,located on /etc/shadow. Using Zydra we also able to crack shadow file’s passwords. Zydra will crack the passwords one by one for every user on the system.

Either we can copy the shadow file from a system or we can run Zydra on the target system. Here for an example we run copied all the texts from shadow file from another system and saved it on our system (Desktop) in a file called shadow without file extension and try recover the password.

To do so we can apply following command on our terminal:

python3 zydra.py -f /home/kali/Desktop/shadow -d /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

The screenshot shows that Zydra cracked one user and trying for the other

If we need to crack our own system’s password then we need to use our root account (also may need to install rarfile pyfiglet py-term there). The command will be following(we need to log in as root, sudo command from non-root user may show error here):

python3 zydra.py -f /etc/shadow -d /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

Conclusion

This is how to crack password protected ZIP, RAR, PDF files using Zydra on Kali Linux or other debian based Linux system. We also can recover password of Linux users using Zydra.

This is created for educational perpose only we also can use it to recover forgotten password of files. But using Zydra against other’s protected file will be considered crime as per law. So please do not use it to others without proper permission. We will not be responsible if anyone did this.

Love our articles? Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group, where we focus on Linux and Cybersecurity. We’re always available to help in the comment section and read every comment, ensuring a prompt reply.

TP-Link WN722N is a very popular WiFi adapter for wireless auditing. It is low budget and beginner friendly so cybersecurity students and new learners always look for it. Now it becomes a problem because TP-Link WN722N Version 1 comes with Atheros AR9002U chipset and supports monitor mode and packet injection. Version 2/3 has the Realtek RTL8188EUS chipset and doesn’t support monitor mode or packet injection. Also TP Link N150 TL-WN722N version 1 have low availability in the market right now.

So in our this article we are going to cover how we can set TP-Link WN722N Version 2 or Version 3 on our Kali Linux and for Monitor Mode & Packet Injection. In that way we can use this affordable and reliable WiFi adapter for WiFi security testing.

We got a TP-Link WN722N Version 2 WiFi adapter on our hand (shown in the following picture) and we will show how to use Monitor Mode and Packet Injection on it.

We can see the Model and Version on the back of the device

Now we are going to connect it on our system. After connecting it we can see it is working and we can connect to our WiFi networks with it (plug and play), but that is not our intention we need Monitor Mode and Packet Injection. Lets fire up our terminal and run following command to check our wireless network interfaces:

iwconfig

In the above screenshot we can see that in our case wlan0 is our system’s inbuilt wireless interface and wlan1 is our TP-Link WN722N’s network interface (wlan0 and wlan1 etc depends on the system, confused what is yours? Then unplug the TP-Link WN722N and run ifconfig and check then again plug it in and check again you will get it).

Now we run the following command to check if Packet Injection is supported or not on our TP-Link WN722N WiFi adapter by using following command:

sudo aireplay-ng --test wlan1

The output shown in the following screenshot:

In the above screenshot we can see that our external WiFi adapter don’t support Monitor Mode. So, we need to change the driver of this TP-Link WN722N adapter.

TP-Link WN722N V 2/3 Monitor Mode on Kali Linux

First of all we need to have an updated Kali Linux system (sudo apt update && sudo apt upgrade), We are on all updated Kali Linux box. Then we need to install some dependencies on our system by applying following command:

sudo apt install dkms bc build-essential libelf-dev -y

After applying the above command above programs will be installed on our system as we can see in the following screenshot:

Then we need to check for kernel updates by using following command:

sudo apt install linux-headers-$(uname -r)

In the following screenshot we can see that we are already on a updated kernel:

Now we remove the current driver of RTL8188EUS driver by using following command:

sudo rmmod r8188eu.ko

Then we need to be the root user by applying following command:

sudo -i

We can see the results of the above commands in the following screenshot:

Now we need to blacklist old drivers by using following commands one by one:

echo "blacklist 8188eu" >> "/etc/modprob.d/realtek.conf"

echo "blacklist r8188eu" >> "/etc/modprob.d/realtek.conf"

After it is done our old drivers are removed. Here we need a reboot, rebooting our system will prevent errors for the rest of this setup. So we must need to Reboot.

After a reboot we need to install that driver which one supports Monitor Mode & Packet Injection on TP-Link WN722N. To do that we need to clone a driver built by aircrack-ng form GitHub by using following command on our terminal window:

git clone https://github.com/aircrack-ng/rtl8188eus

We can see cloning process on the following screenshot:

After the installation process is done, we need to navigate to our cloned directory by applying following command:

cd rtl8188eus

Then we need compile this driver by using following command:

sudo make

Following screenshot shows the output of the compilation process:

This compilation process may take couple of minutes depending on our system performance. Then we need to run following command to install the compiled driver:

sudo make install

Following screenshot shows the output of the command:

Now we need to run following command to set all up:

sudo modprobe 8188eu

Now we are almost set, we just need a reboot. If everything was right then we are ready to rock after reboot. After the reboot is done let’s again check our network interfaces using following command:

iwconfig

Here we can see that the mode is still not showing Monitor Mode. Wait a bit, we need to turn on Monitor Mode on our wlan1 interface. To do that we run following commands on our terminal one by one:

sudo ifconfig wlan1 down

sudo iwconfig wlan1 mode monitor

Now we can check our network interfaces status by using following command:

iwconfig

We can see the output in the following screenshot:

In the above screenshot we can see that our wlan1 got Monitor Mode (highlighted in red). BINGO

Let’s check it it is working well or not by scanning WiFi networks around us. To do so we need to run following command:

sudo airodump-ng wlan1

We can see the output on the following screenshot:

In the above screenshot we can see that we can scan for targets with our TP-Link WN722N Version 2 WiFi adapter on our Kali Linux system.

Let we check for packet injection by using following command (We tried this on the beginning):

sudo aireplay-ng --test wlan1

In the following screenshot we can see the output of the applied command:

In the above screenshot we can see that Packet Injection is working” on our TP-Link WN722N Version 2 WiFi adapter on our Kali Linux system.

Video Tutorial

Our article is inspired from David Bombal’s Youtube video. We can check his following video for a video tutorial:

This is how we can get monitor mode and packet injection support on TP-Link WN722N version 2 and 3 (same process) on our Kali Linux system.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Our world is becoming very digitalized, and this process also touches on documentation. Creating documents includes creativity and good writing skills. For example, if you are a student, you might need some assistance with your papers. The best way to resolve writing issues is to contact a writing service, www.essayshark.com, which is irreplaceable when you need help with any type of college papers and other documents.

Secure your documents with passwords

Password protection is one of the best ways to improve your digital document security. Each user must create a strong password that will contain not only letters but also numbers and other specific signs that will make. It’s almost impossible for hackers to violate your privacy. The history of password access control began in the 1970s when computers were started to control by the Resource Access Control Facility. Since then, passwords have been required for almost every action by users, online or offline, which means providing any private information. When it comes to digital documents, using passwords is crucial. If you store your digital documents on your laptop or smartphone, you should protect your device first and secure it with a password, fingerprints, or Face ID, depending on the system’s facilities. Here are some more tips for using passwords to protect essential files and documents:

• The longer password you have, the better
• Do not use the same password for multiple platforms or websites.
• Never write down your passwords on stickers or something you can store behind your computer.
• Regularly change your passwords to prevent violation of privacy.
• Pay attention to security alert messages from the accounts you have.

Audit your security

Today’s technologies are developing very fast, and you must keep your hand on a pulse when auditing your security. Different software requires a different approach to safety, and if you can determine the security vulnerabilities of any system you use, you will be protected. Your documents must be handled and shared according to the insider security policies that are common for your personal computer system or the system of your company. The first step to take in terms of regular security is to remember to update your software and systems according to the schedule of updates and renovations to avoid accessing your secret documents by other parties that are not involved in the process of work and sharing the information.

Watermark your documents

Adding your documents with a specific watermark stamp is an excellent form of making them highly secure. There are various forms of digital watermarks that you can use, which can be dynamic or static. Suppose you want to ensure your digital security level is high and feel safe while using various documents; you should add each copy of your digital documents with a watermark. Watermarks are very effective no matter what type of documents you want to secure. They are widely used in design and companies using vast digital data. Watermarks are irreplaceable if you need to determine such preferences of the document access time, the identity of a person who viewed the document data, and other information about the version of the document.

Encrypt your files

After you finish working with your digital document and ensure you are happy with the final version, check it for plagiarism and end encryption to a document. Encrypting means that all files on your computer will be safe with the highest level of security. Encryption is easy to use. When you add encryption to your files on a computer, you prevent them from reading by people who do not know the password of your encrypted files. Only after entering the password does the file return from the encrypted version to normal. By the way, both widely used systems Mac and Windows, have pre-installed and built-in encrypting systems so you can use them.

One of the very effective ways to secure information in digital documents is by presenting as much data as possible through infographics. Using specifically presented data is helpful if you want to ensure that the information is safe. Work on specific pieces of training for your team to teach employers how to use infographics and how to apply particular instruments to create working content for digital documents. Implementing infographics will let you reach the highest level of digital document security.

Control access to documents

Controlling access to your documents is a great and effective way to secure them. Of course, each file in the private company that works with the vast amount of data must be secured by passwords. Allowing access to new people is common for almost all businesses. However, working with the team means staying in control of and applying the data security policies to each process in the company. Of course, you might think that each team member is reliable, but the security protocols must be followed in any circumstances. Ensure that day by day operations of your company are safe and controlled by specific features that lead to control access.

Afterall

Improving your digital document security is crucial to feeling safe regarding all the information you store within laptops, hard drives, and cloud storage. By reading our article, you can get a working checklist and ensure you follow all our recommendations. First, one should secure digital documents with passwords, which must be strong and contain various symbols, letters, and numbers to avoid hacking. Also, you must check and change your passwords occasionally, and do not use the same password for different accounts. Remember to audit security, implement new technologies to update the software on time, and stay in touch with the latest ideas regarding digital security. Adding watermark stamps on your digital documents is a great way to make them safe and secure. Apply encrypting files and follow the encryption policies, no matter what storage you use for your digital documents. Control access to documents as it is a great and effective way to secure information. Specific features must control the day-by-day operations of your company. We hope these recommendations are helpful and you will use all of them to secure your digital documents.

Airgeddon is a multi-featured tool for penetration testing on WiFi system or wireless networks. This all-in-one WiFi auditing tool is written in bash by v1s1t0r1sh3r3.

Key-Features of Airgeddon

Airgeddon has so much features for WiFi hacking. They are following:

• Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing.
• DoS over wireless networks using different methods (mdk3, mdk4, aireplay-ng). “DoS Pursuit mode” available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks).
• Full support for 2.4Ghz and 5Ghz bands.
• Assisted WPA/WPA2 personal networks Handshake file and PMKID capturing
• Cleaning and optimizing Handshake captured files.
• Offline password decrypting on WPA/WPA2 captured files for personal networks (Handshakes and PMKIDs) using dictionary, bruteforce and rule based attacks with aircrack, crunch and hashcat tools. Enterprise networks captured password decrypting based on john the ripper, crunch, asleap and hashcat tools.
• Evil Twin attacks (Rogue AP)
  • Only Rogue/Fake AP mode to sniff using external sniffer (Hostapd + DHCP + DoS).
  • Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap).
  • Integrated sniffing, sslstrip2 (Hostapd + DHCP + DoS + Bettercap).
  • Integrated sniffing, sslstrip2 and BeEF Browser Exploitation Framework (Hostapd + DHCP + DoS + Bettercap + BeEF).
  • Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoff + Lighttpd).
  • Optional MAC spoofing for all Evil Twin attacks.
• WPS features
  • WPS scanning (wash). Self parameterization to avoid “bad fcs” problem.
  • Custom PIN association (bully and reaver).
  • Pixie Dust attacks (bully and reaver).
  • Bruteforce PIN attacks (bully and reaver).
  • Null PIN attack (reaver).
  • Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update.
  • Integration of the most common PIN generation algorithms (ComputePIN, EasyBox, Arcadyan, etc.).
  • Offline PIN generation and the possibility to search PIN results on database for a target.
  • Parameterizable timeouts for all attacks.
• Enterprise networks attacks
  • Fake AP using “smooth” and “noisy” modes capturing enterprise hashes and plain passwords.
  • Custom certificates creation.
• WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.).
• Compatibility with many Linux distributions (see Requirements section).
• Easy targeting and selection in every section.
• Drag and drop files on console window for entering file paths or autocomplete using tab key on every path input for easier use.
• Dynamic screen resolution detection and windows auto-sizing for optimal viewing.
• Controlled Exit. Cleaning tasks and temp files. Restoring nftables/iptables after an attack that require changes on them. Option to keep monitor mode if desired on exit.
• Multilanguage support and autodetect OS language feature (see Supported Languages section).
• Help hints in every zone/menu for easy use.
• Auto-update. Script checks for newer version if possible.
• Docker image for easy and quick container deployment. Use already built image on Docker Hub or build our own.
• Http proxy auto detection for updates.
• Wayland graphic system supported (not only X window system).
• Tmux support for headless (systems without X window) environments.
• Multiple configurable options based on fallback substitution variables options system which allow to configure many enhancements like enable/disable colors, 5Ghz band, auto updates, hint printing, etc.
• Full compatibility with iptables and nftables with autodetection and possibility to force iptables by setting an option.
• Available plugins system to let the community create their own content in an easy and flexible way using the created function hooking system. More info at Plugins System section.

Installing Airgeddon on Kali Linux

We can install airgeddon from it’s GitHub repository by cloning/downloading the repository. But in Kali Linux 2021.1 update this tool is added to Kali Linux repository. We can install it by simply using apt-get install command from any version of Kali Linux:

sudo apt-get install airgeddon

This command will install airgeddon on our Kali Linux system. The above command will prompt for root password and disk space permissions. After that this airgeddon and it’s essential requirements will be installed.

Airgeddon also requires some additional tools to use all it’s features. To install them all on our Kali Linux we use following one liner command:

sudo apt install bettercap isc-dhcp-server hostapd hostapd-wpe udhcpd mdk4 hcxdumptool lighttpd hcxtools -y

Now we can use airgeddon on our system.

Requirements for Airgeddon

• WiFi networks for testing.
• WiFi adapter that supports monitor mode & packet injection [List].

Using Airgeddon on Kali Linux

Now we can run following command to run airgeddon on our Kali Linux system.

sudo airgeddon

Then airgeddon will open in front of us as shown in the following screenshot:

After it will ask to check for all the tools installed or not, we need to press ↵ Enter to continue.

In the above screenshot we can see that we have all the tools. Now we plugin our external USB WiFi adapter that supports monitor mode and packet injection. Then we again need to press ↵ Enter again to continue.

Here we can see the list of interfaces on our system, as the following screenshot.

In our case our wlan1 interface supports monitor mode and packet injections, so we press 5 and hit ↵ Enter. This will tell airgeddon that we are going to work with that interface.

After that we got the main menu of airgeddon script.

Here at the top we can see our interface name and mode. The mode is ‘managed’ we need to change it to ‘monitor’ mode. Here everything is very clear and simple.

We can use option 2 to change the interface mode to monitor. We press 2 and ↵ Enter.

In the above screenshot we can see that our interface is changed from wlan1 to wan1mon and the mon is for monitor mode.

Now we can perform attacks using this script. For example here we demonstrate handshake capturing and evil-twin attacks using airgeddon on Kali Linux.

Capture and Crack Handshake File using Airgeddon

For an example first we capture handshake of a wireless network. Now what is handshake file? We know if we previously used a WiFi network using password and the password isn’t changed then we can easily connect to the network because of the handshake file. This file stores the password with encryption.

To perform handshake capture attack we enter in the handshake tools menu by pressing 5 and ↵ Enter. Then the handshake menu comes in front of us as the following screenshot.

Here the option number 6 is for capture the WiFi handshake. So we press 6 and hit ↵ Enter.

We did not choose any network, so airgeddon is redirect us to select a target WiFi network. We need to press ↵ Enter to continue.

Here we explore for target WiFi network. We can start the attack by pressing ↵ Enter, when we think we have found our target network we can press CRL+C to stop searching.

Here we can see that a another window is opened to search for networks. We can see that we have only target. So we can stop the search by pressing CTRL+C. Then it will show the list of targets.

As we told, we have only one WiFi network (we live in a remote area). That’s why airgeddon automatically select this. Otherwise we need to select the number of the WiFi network to select it.

We press ↵ Enter to continue. 

Now airgeddon got a valid target it it asks to continue the handshake capture. We again press ↵ Enter to continue.

Then airgeddon again prompts for the methods to capture the handshake file, as we can see in the following screenshot.

For an example we choose the deauth attack (No. 1). So we choose number 1 and press ↵ Enter.

Here we need to type of the value in seconds. We can simply press ↵ Enter to left it on it’s default value, which is 20. Then it show us some advises as we can see in the following screenshot:

We can see in the above screenshot that the tool is going to capture the handshake. It also advice us to not close the windows manually during handshake capturing. We will know when airgeddon capture the handshake file. We need to press ↵ Enter to continue.

Then we can see some terminal window is opened in front of us in the following screenshot. We should not close them. 

To clear some things here airgeddon sending de-authentication packets to the network, then all the WiFi users will disconnect for some seconds for the flood. Whenever the devices trying to connect back the WiFi network airgeddon will capture the handshake file.

After successfully capturing the handshake file these will close automatically, and show us a congratulations message. It also asks where we want to save our handshake file. The default is under /root/handshake**.cap as we can see in the following screenshot.

Here also we goes with the default by just pressing ↵ Enter. Then the handshake file is stored successfully on the root folder. Handshake capturing is complete now. We can press ↵ Enter again to back in the menu.

We can press 0 and ↵ Enter to return to the main menu.

Our captured handshake file is stored on /root/ directory. We can see it by opening our thunar file manager with root permission (sudo thunar).

We can crack the handshake file in various way. We can use airgeddons menu Airgeddon > Offline WPA/WPA2 decrypt menu > Personal > (aircrack + crunch) Bruteforce attack against Handshake/PMKID capture file. We also can use aircrack-ng or some other brute-forcing tool. There are also some online tools are available.

Evil Twin Attack using Airgeddon

We can do a lot of attacks using airgeddon. Evil twin is one of them. In this attack we create a copy of our target access point and whenever the user of the access point try to connect with our fake access point with their access point’s password we got it. But why they do it?

Because we continuously send de-authentication packets to the target access point (AP), so that the user will not able to connect with the original AP, and got trapped.

First of all we set the mode to monitor. Then we choose ‘Evil Twin attacks menu’ by pressing 7 and ↵ Enter.

Here we need to explore for the target by typing 4 as we did in the previous attack. We got auto-selected because we have only one target nearby.

Then we click ↵ Enter to continue. We get back to the ‘Evil Twin attacks menu’. Here we choose 9 for captive portal attack.

Now here we choose option 2 for ‘Deauth aireplay attack’.

Airgeddon will ask us some question. First it will ask that if we want to integrate “DoS pursuit mode”. The default is N for no, we also know that our AP will not change the channel in this case, so we press ↵ Enter to keep it default. Then it will ask if we want to spoof our mac address. We also goes with default (that is N).

Now airgeddon will ask us that have we captured the handshake of this access point. In our above attack we had captured it. So we choose Y for yes. Then it will prompt for the location of the handshake file, and we provide it, as we can see in the following screenshot:

Then it asks the location where the saved password will stay in a text file. Default location is under /root/ directory. We again goes with the default by just pressing ↵ Enter.

We can see in the above screenshot that our path is valid and we can move forward by pressing ↵ Enter.

In the next step airgeddon will create a phishing page and asks us for it’s language, as we can see in the following screenshot:

Here we choose 1 to select English, and press ↵ Enter.

Now airgeddon is ready to run the attack. All parameters and requirements are set. The attack is going to start. Multiple windows will be opened, don’t close anyone. When we want to stop the attack press ↵ Enter on this window and the script will automatically close them all.

We can see lots of terminals here for various works like de-authentication, control, DNS, Web Server etc.

Now we can see on our mobile device that we are not connected to our locked main WiFi access point and there are another access point with same name, in the following screenshot:

Whenever we connect to the other network. It automatically redirect to log in, as shown in the following screenshot:

Now here if our target use the password it will show the user that it was correct password.

We get it on our txt file on root directory. It also shown in the control terminal window. We need to keep the terminal windows open until the user did not put his password on the login screen. Hope target is not sleeping.

Here in this evil twin attack we are using the handshake file to check the password is correct or not. If they put the wrong password then it will notice it. Isn’t is amazing?

There are many types of attacks we can perform using airgeddon against a wireless network. Here we discuss about only two type because everything is very easy here. We just need to select the options only, everything will be done by the script automatically.

This is how we can install and use Airgeddon on Kali Linux. This is a very easy but powerful tool for WiFi auditing.

Airgeddon is specially designed for Linux. Airgeddon did not compatible on MacOS/OSX, because Aircrack suite does not support airodump and aireplay for OSX/MacOS, and iwconfig does not exist in OSX/MacOS.

Airgeddon is not working with any Linux distribution run under Windows subsystem (WSL). Airgeddon also didn’t support native OpenBSD and FreeBSD, iwconfig command not working there and ifconfig shows different output.

Warning:- Attacking other’s network or WiFi is not legal. We publish this article for educational purpose and tested things on our own devices. If anyone attacks on others devices then we and the tool creator will not be responsible for that.

Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group, where we focus on Linux and Cybersecurity. We’re always available to help in the comment section and read every comment, ensuring a prompt reply

There are lots of scanning tools used by cybersecurity professionals. Not arguably Nmap is the most famous scanning tool, but it is very slow. There are lots of more useful scanners. Masscan is the fastest port scanner in the world, but masscan is not so accurate.

If we need a enough fast scanner that gives us much reliable result we can choose Unicornscan. Unicornscan comes pre-installed with Kali Linux.

Unicornscan is a asynchronous based scanner (unlike nmap is synchronous based). That’s why it is faster.

Unicornscan was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.

Key-Features of Unicornscan

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:

• Asynchronous stateless TCP scanning with all variations of TCP Flags.
• Asynchronous stateless TCP banner grabbing
• Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
• Active and Passive remote OS, application, and component identification by analyzing responses.
• PCAP file logging and filtering.
• Relational database output.
• Custom module support.
• Customized data-set views.
• Has its TCP/IP stack, a distinguishing feature that sets it apart from other port scannersHas its TCP/IP stack, a distinguishing feature that sets it apart from other port scanners.

Scanning With Unicornscan

While Unicornscan comes built into Kali Linux we don’t need to install it. If if we need to install it we can use following command:

sudo apt-get install unicornscan

First we start with basic scan. To perform a basic scan we can use following command:

sudo unicornscan 192.168.112.57

The output of the command shows in the following screenshot:

Here we have run unicoenscan on a Metspliotable2 machine and we can see that the normal scan has listed all the opened TCP ports of host machine. It’s kind of similar to -Ss scan in NMap.

If we need to run basic scan using unicornscan on multiple hosts then we can run following command:

sudo unicornscan 192.168.112.57 192.168.102.100

In this case we run the scan cammand and put 2 hosts divided with ‘space’.

We also can run it against live websites, here we want that unicornscan send 30 packets per second, so we use -r30 flag. We also look for TCP ports so we can run the scan using -mT scan (T is for TCP). So the command will be following:

sudo unicornscan -r30 -mT adaptercart.com

And we got the result as we want. As we can see in the following screenshot:

In the above screenshot we can see that unicornscan scans the website’s TCP ports.

We have seen that unicornscan scans the TCP ports using -mT flag, but if we want to scan UDP ports then we can try with -mU flag. Mind the similarities then it will be easy to remember. The command will be as following:

sudo unicornscan -r300 -mU 192.168.112.57

The screenshot is following:

In the above screenshot we can see that we got UDP ports only from the hosts.

We can save the scan result in a PCAP file using following command:

sudo unicornscan -r300 -mU 192.168.112.57 -w udpports.pcap

Using the above command (-w flag) we can save the scan result in a PCAP file. We can choose any name, for an example we have chosen “udpports”. The file will be saved on our home/user directory, as we can see in the following screenshot:

This the the basic uses of Unicornscan. If we want to learn more advanced scans then we can see the help menu of Unicornscan by applying following command:

sudo unicornscan -h

This is how we can scan a host or a website using Unicornscan on our Kali Linux system.

Love our super easy articles ? Don’t wanna miss new articles? We post updates of our articles on GitHub and Twitter. Make sure to follow us there to read and learn about cybersecurity.

Have any problem or any question? Please don’t hesitate to ask us in the comment section. We read every comments and we always reply.