Pyxiewps is a wireless attack tool written in Python that uses reaver, pixiewps, macchanger and aircrack to retrieve the WPS pin of any vulnerable AP in seconds. There are already a lot of tools, reaver included, that can attack an access point (AP) using the Pixie Dust vulnerability, but this tool was made to do it automatically – fast and user friendly.
> #### If the router is vulnerable, this script will use reaver and pixiewps to retrieve the AP password in 11 seconds.
>
> jgilhutton
It enumerates all the APs with active WPS and tries to get the PKE, PKR, E-NONCE, R-NONCE, AUTHKEY, HASH1 and HASH2 using the patched version of reaver. It then passes all that information to the pixiewps program so that it can retrieve the WPS pin, and finally runs reaver again with the pin that pixiewps found to get the AP WPA password.
```
python pyxiewps-[LANGUAGE].py <arguments>

-p --use-pixie              Once all the data is captured with reaver,             [False]
                            the script tries to get the WPS pin with pixiewps.
-a --airodump-time [time]   Airodump spends this amount of time enumerating APs.
-t --time [time]            Set the time used to get the hex data from the AP.
-c --channel [channel]      Set the listening channel to enumerate the WPS-active APs.
                            If not set, all channels are listened to.
-P --prompt                 If more than one WPS-active AP is found, ask the user  [False]
                            the target to attack.
-o --output [file]          Outputs all the data into a file.
-f --pass                   If the WPS pin is found, the script uses reaver again to
                            retrieve the WPA password of the AP.
-q --quiet                  Doesn't print the AP information. Will print the WPS pin
                            and pass if found.
-F --forever                Runs the program in a while loop so the user can scan and
                            attack a whole zone without having to execute the program
                            over and over again.
-A --again                  Target is attacked again in case of success without
                            prompting the user.
-s --signal [-NUMBER]       APs with RSSI lower than NUMBER will be ignored.       [-100]
                            A value of "-50" will ignore APs with RSSI between
                            -100 and -51 and will attack APs whose RSSI goes
                            from -50 to 0.
-M --max-aps [number]       Max amount of APs to be attacked.
-m --mode [mode]            Set the mode preset. Any preset option can be overridden
                            by giving its argument and value on the command line,
                            e.g. "-m DRIVE -t 10".
```
WALK: [-p] [-f] [-a 4] [-t 8] [-F] [-M 2]

- Tries to get the WPS pin
- 4 seconds will be used to enumerate the APs
- 8 seconds will be used to fetch the AP information
- Will try to get the password
- The program will run in a while loop
- A max amount of 2 APs will be attacked
- AP won't be attacked again if failed once

DRIVE: [-p] [-t 10] [-F] [-M 1]

- Tries to get the WPS pin
- 3 seconds will be used to enumerate the APs
- 10 seconds will be used to fetch the AP information
- Won't try to get the password
- The program will run in a while loop
- Only one AP will be attacked
- AP won't be attacked again if failed once

STATIC: [-p] [-f] [-a 5] [-t 10] [-P] [-O]

- Tries to get the WPS pin
- 5 seconds will be used to enumerate the APs
- 10 seconds will be used to fetch the AP information
- Will try to get the password
- The program will run only once
- User will be prompted for an AP to attack
- AP will be attacked again if failed once
```
python pyxiewps-[LANGUAGE].py -p -t 6 -c 7 -P -o file.txt -f
python pyxiewps-[LANGUAGE].py --use-pixie --time 6 --channel 7 --prompt --output file.txt --pass
pyxiewps -m DRIVE
```