Skip to content
This repository has been archived by the owner on Aug 29, 2022. It is now read-only.


Folders and files

Last commit message
Last commit date

Latest commit



39 Commits

Repository files navigation

Maintenance GitHub issues GitHub forks GitHub stars GitHub license Twitter

Wifi Deauthentication Attack

Sends deauth(deauthentication) packets to wifi network which results network outage for connected devices. Uses scapy module to send deauth packets. Know more about Deauthentication Attack


  1. aircrack-ng.(I highly recommend to install latest version, from source to support more network drivers/cards.)
    • sudo apt-get install aircrack-ng -y
  2. scapy
    • sudo apt-get install python-scapy -y

How to run?

We can run in 2 ways:

  • sudo python

    It will automatically creates mon0 with airmon-ng start wlan0(it wont create, if already exists) and sniffs the wifi signal on that interface. After few seconds, it will displays the SSID and its MAC to choose.

  • sudo python -m XX:YY:AA:XX:YY:AA

    MAC address as command line argument. In this case, there is no need to sniff wifi.

What's new in version 3.1

  • Daemonize the attack i.e performs attack in background
  • Compatable to new airmon-ng version
  • Able to detect different wireless interface name(like wlp13s0)
  • Kill daemon option
  • Now you can get wifi networks with iwlist tool (Relatively faster)


root@ghost:/opt/scripts#./ -h
usage: [-h] [-d] [-c COUNT] [-m MAC] [-w] [-k] [-v]

Sends deauthentication packets to a wifi network which results network outage
for connected devices. [Coded by VEERENDRA KAKUMANU]

optional arguments:
  -h, --help  show this help message and exit
  -d          Run as daemon
  -c COUNT    Stops the monitoring after this count reachs. By default it is
  -m MAC      Sends deauth packets to this network
  -w          Uses "iwlist" to get wifi hotspots list
  -k          Kills "Deauth Daemon" if it is running
  -v          show program's version number and exit

In Action


  • What is the option -c "COUNT"?

    It is a threshold value to stop the "monitoring". The access point or wifi hotspot trasmits beacon frames periodically to announce it's presence. The beacon frame contains all the information about the network. Now, the script looks for these beacons and makes count. If the count reachs the limit, it will stops the monitoring.

    • If you think, the monoring is taking to much time? then specify the count with less number(Default is 2000), but it may not get all wifi hotspots near to you. Because you are listening only few beacons
  • What is the option -w "Uses "iwlist" to get wifi hotspots list"?

    Script runs iwlist wlan0 s and gets wifi networks near to you

  • What is the option -d "Run as daemon"?

    Script runs in background while attacking. (Use option -k to kill)

Known Issues

  • For some reasons, sometimes the script is not able to find all near wifi hotspots.(Use -w option)
  • If you try to attack on a wifi hotspot which is created by "Android" device, it won't work!.(May be it uses 802.11w)
  • Don't run the script with -w continously twice or more, you may get below error. If this is the case, restart network-manager; sudo service network-manager restart
    • wlp13s0 Interface doesn't support scanning : Device or resource busy

Get it!

wget -qO

How to avoid Deauthentication attack?

Use 802.11w suppored routers. Know more about 802.11w and read cisco document


In order to work deauthentication attack successful, you should near to the target network. The deauth packets should reach the connected devices of the target network(s)