bettercap_commands

Uploaded by Alberto Reyes

BETTERCAP WIFI MODULE - COMMANDS

wifi.recon on
Start 802.11 wireless base stations discovery and handshakes/PMKID capture.
wifi.recon off
Stop 802.11 wireless base stations discovery.
wifi.clear
Clear all access points collected by the WiFi discovery module.
wifi.recon BSSID
Set 802.11 base station address to filter for.
wifi.recon clear
Remove the 802.11 base station filter.
wifi.assoc BSSID
Send an association request to the selected BSSID in order to receive an RSN PMKID key (use all, * or ff:ff:ff:ff:ff:ff to iterate for every access point).
wifi.deauth BSSID
Start an 802.11 deauth attack. If an access point BSSID is provided, every client will be deauthenticated; otherwise only the selected client is (use all, * or ff:ff:ff:ff:ff:ff to deauth everything).

wifi.show
Show current wireless stations list (default sorting by RSSI).
wifi.show.wps BSSID
Show WPS information about a given station (use all, * or ff:ff:ff:ff:ff:ff to
wifi.recon.channel CHANNEL
Comma separated list of channels to hop on.
wifi.recon.channel clear
Enable channel hopping on all supported channels.
wifi.ap
Inject fake management beacons in order to create a rogue access point (requires wifi.recon to run).

Parameter               Default                           Description

wifi.interface                                            If filled, the module will use this interface instead of the one provided by the -iface argument or detected automatically.
wifi.region             BO                                Set the WiFi region to this value before activating the interface.
wifi.txpower            30                                Set WiFi transmission power to this value before activating the interface.
wifi.rssi.min           -200                              Minimum WiFi signal strength in dBm.
wifi.show.manufacturer  FALSE                             If true, wifi.show will also show the device manufacturers.
wifi.show.filter                                          Defines a regular expression filter for wifi.show.
wifi.show.sort          rssi asc                          Defines sorting field (rssi, bssid, essid, channel, encryption, clients, seen, sent, rcvd) and direction (asc or desc) for wifi.show.
wifi.show.sort          asc                               Defines sorting direction for wifi.show.
wifi.show.limit         0                                 If greater than zero, defines limit for wifi.show.
wifi.hop.period         250                               If channel hopping is enabled (empty wifi.recon.channel), this is the time in milliseconds the algorithm will hop on every channel (it'll be doubled if both 2.4 and 5.0 bands are available).
wifi.handshakes.file    ~/bettercap-wifi-handshakes.pcap  File path of the pcap file to save handshakes to.
wifi.source.file                                          If set, the wifi module will read from this pcap file instead of the hardware interface.
wifi.skip-broken        TRUE                              If true, dot11 packets with an invalid checksum will be skipped.
wifi.assoc.skip                                           Comma separated list of BSSID to skip while sending association requests.
wifi.assoc.silent       FALSE                             If true, messages from wifi.assoc will be suppressed.
wifi.assoc.open         FALSE                             Send association requests to open networks.
wifi.deauth.skip                                          Comma separated list of BSSID to skip while sending deauth packets.
wifi.deauth.silent      FALSE                             If true, messages from wifi.deauth will be suppressed.
wifi.deauth.open        TRUE                              Send wifi deauth packets to open networks.
wifi.ap.ssid            FreeWifi                          SSID of the fake access point.
wifi.ap.bssid           <random mac>                      BSSID of the fake access point.
wifi.ap.channel         1                                 Channel of the fake access point.
wifi.ap.encryption      TRUE                              If true, the fake access point will use WPA2, otherwise it will be an open AP.

Examples

Run bettercap using eth0 as the main interface but start the wifi module on wlan0 instead:
sudo bettercap -iface eth0 -eval "set wifi.interface wlan0; wifi.recon on"

Keep deauthing clients from the access point with BSSID DE:AD:BE:EF:DE:AD every five seconds:
> set ticker.period 5; set ticker.commands "wifi.deauth DE:AD:BE:EF:DE:AD"; ticker on

Use the ticker and wifi.recon modules to create a WiFi scanner (performing channel hopping on every supported frequency):
> set ticker.commands "clear; wifi.show"; wifi.recon on; ticker on

Sort by BSSID and filter for BSSIDs starting with F4:
> set wifi.show.sort bssid asc
> set wifi.show.filter ^F4
> wifi.show

Only recon on channels 1, 2 and 3:
> wifi.recon.channel 1,2,3; wifi.recon on

Send management beacons as the fake access point “Banana” with BSSID DE:AD:BE:EF:DE:AD on channel 5 without encryption:
> set wifi.ap.ssid Banana
> set wifi.ap.bssid DE:AD:BE:EF:DE:AD
> set wifi.ap.channel 5
> set wifi.ap.encryption false
> wifi.recon on; wifi.ap
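
Detection counterpart to the repeated wifi.deauth ticker example above, added here and not part of the original document or of bettercap: a Python check that parses raw 802.11 frames and reports BSSIDs that emit a burst of unprotected deauthentication frames. The function names, the 10-second window, the threshold of 3 and the sample frames are assumptions made for this example.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame control byte 0: version 0, type 0 (management), subtype 12

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (receiver, transmitter, bssid, reason) for an unprotected deauth
    frame, else None. Expects a raw 802.11 frame, radiotap header and FCS stripped."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    if frame[1] & 0x40:  # Protected bit set (802.11w): body is encrypted
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_deauth_bursts(capture, window=10.0, threshold=3):
    """capture: (timestamp_seconds, raw_frame) pairs in time order.
    Returns {bssid: peak deauth count in any window} for BSSIDs reaching threshold."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        bssid = parsed[2]
        times = recent[bssid]
        times.append(ts)
        while times[0] < ts - window:  # drop timestamps that fell out of the window
            times.popleft()
        if len(times) >= threshold:
            peaks[bssid] = max(peaks.get(bssid, 0), len(times))
    return peaks

def build_frame(fc0, receiver, transmitter, bssid, body=b""):
    """Helper for the constructed sample: 24-byte MAC header plus body."""
    addrs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (receiver, transmitter, bssid))
    return bytes([fc0, 0x00]) + b"\x00\x00" + addrs + b"\x00\x00" + body

# Constructed sample capture (not real traffic); all addresses are made up.
AP, OTHER_AP, CLIENT = "de:ad:be:ef:de:ad", "02:00:00:00:00:01", "02:00:00:00:00:02"
REASON = struct.pack("<H", 7)
SAMPLE = [
    (0.0, build_frame(0xC0, CLIENT, AP, AP, REASON)),
    (1.0, build_frame(0x80, "ff:ff:ff:ff:ff:ff", AP, AP)),         # beacon header, ignored
    (3.0, build_frame(0xC0, CLIENT, OTHER_AP, OTHER_AP, REASON)),  # single deauth, no alert
    (5.0, build_frame(0xC0, CLIENT, AP, AP, REASON)),
    (10.0, build_frame(0xC0, CLIENT, AP, AP, REASON)),
]
```

Tune the window and threshold against a baseline of the monitored network, since access points also send occasional legitimate deauthentication frames.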
