airbash on


Fully automated WPA PSK PMKID and handshake capture script.

It is compatible with Bash and Android Shell and uses aircrack-ng to scan for clients that are currently connected to access points (AP).
Those clients are then deauthenticated in order to capture the PMKID and/or handshake when attempting to reconnect to the AP.
Verification of captured data is done using hcxpcaptool and hcxpcapngtool from hcxtools. If one or more PMKIDs and/or handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data.

After capture, the database can be tested for vulnerable router models using
It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for
Speedport 500-700 series, Thomson/SpeedTouch, UPC 7 digits (UPC1234567) and HOTBOX routers.