Reaver
A practical guide to the wireless hacking tool used to exploit WPS-enabled routers through brute-force attacks.
Reaver is a dedicated open-source wireless hacking tool designed to exploit vulnerabilities in Wi-Fi Protected Setup (WPS) implementations. Popular among penetration testers and wireless security researchers, Reaver targets WPS-enabled routers and uses brute-force techniques to recover WPA/WPA2 passphrases, often without needing to crack the password itself. It is a key tool in auditing wireless network security, particularly for home or small-office routers with poorly configured or outdated firmware.
Whether you're assessing a client's wireless perimeter or demonstrating the risks of WPS to an organization, Reaver offers a focused, effective method to test router resilience against real-world attack vectors.
What Reaver Does
Reaver exploits a fundamental design flaw in the WPS PIN authentication mechanism. WPS, designed to simplify router configuration, uses an 8-digit PIN that can be brute-forced in a short time due to poor validation practices by many vendors. Reaver repeatedly sends PIN combinations to the router and, upon success, retrieves the WPA/WPA2 passphrase directly from the access point.
Reaver can work on 2.4GHz networks and is most effective when WPS is enabled and not locked by the device firmware. The tool typically takes between 4 and 10 hours to recover a passphrase, depending on router responsiveness and lockout protections.
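The hours-long figure and the effect of lockout protections can be checked with a small model, added here as an illustration (it is not part of Reaver or of the original page). It goes beyond the text by using two publicly documented properties of WPS: the eighth PIN digit is a checksum, and the access point confirms the two halves of the PIN separately. The per-attempt time and the lockout policies are assumed values.

```python
# Added illustration; values marked "assumed" are not from the page or from Reaver.

def wps_checksum(first7: int) -> int:
    """Eighth PIN digit as defined by the WPS specification."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def worst_case_guesses(split_validation: bool = True) -> int:
    """Upper bound on online PIN guesses an access point must withstand."""
    free_digits = 7                      # digit 8 is derived, not secret
    if not split_validation:
        return 10 ** free_digits         # PIN accepted or rejected as a whole
    # The AP confirms digits 1-4 separately from digits 5-7.
    return 10 ** 4 + 10 ** (free_digits - 4)


def worst_case_hours(guesses, seconds_per_guess, lock_after=None, lock_seconds=0):
    """Time to exhaust `guesses`, with an optional fixed lockout policy."""
    total = guesses * seconds_per_guess
    if lock_after:
        # Every guess except the final one fails; each full batch of
        # `lock_after` failures costs one lockout period.
        total += ((guesses - 1) // lock_after) * lock_seconds
    return total / 3600


if __name__ == "__main__":
    n = worst_case_guesses()
    print("checksum digit for 1234567:", wps_checksum(1234567))
    print("guesses, split validation:", n)
    print("guesses, whole-PIN validation:", worst_case_guesses(False))
    # Assumed: 3 s per attempt; lockout triggered after 3 failed attempts.
    print("no lockout: %.1f h" % worst_case_hours(n, 3))
    print("60 s lock per 3 failures: %.1f h" % worst_case_hours(n, 3, 3, 60))
    print("1 h lock per 3 failures: %.0f days" % (worst_case_hours(n, 3, 3, 3600) / 24))
```

With these assumed timings, a short fixed lockout only stretches the window from hours to days, which is why disabling WPS or using firmware that locks it for long periods is the more dependable control.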
Key Features of Reaver
WPS PIN Brute-Forcing
Systematically tests all possible WPS PINs to extract the WPA/WPA2 password from vulnerable routers.
Router Compatibility
Supports a wide range of router chipsets and manufacturers, especially those with known WPS vulnerabilities.
Command-Line Interface
Lightweight CLI-based tool that provides granular control over attack parameters, including PIN sequences, timeouts, and retries.
Pixie Dust Attack Support (via Reaver-Pixie variant)
Performs offline brute-force attacks when routers leak enough entropy during the handshake process, allowing much faster cracking in some scenarios.
Custom MAC Address and Interface Support
Allows spoofing of MAC addresses and selection of specific wireless interfaces for stealth or advanced targeting.
Status Feedback and Recovery Options
Provides real-time progress reporting and allows users to resume from the last attempted PIN in case of interruption.
Advanced Use Cases
Wireless Penetration Testing
Demonstrate WPS-based vulnerabilities to clients and offer recommendations for disabling or securing WPS on access points.
Home Network Audits
Test personal Wi-Fi networks for misconfigured or exposed WPS settings to prevent unauthorized access.
WPS Vulnerability Research
Evaluate WPS implementations across different firmware versions and hardware vendors to contribute to responsible disclosure efforts.
Capture-the-Flag (CTF) and Security Labs
Used in CTF challenges and hands-on cybersecurity training environments to simulate real-world wireless attacks.
Latest Updates
Recent enhancements and forks of Reaver have introduced:
Pixie Dust attack integration for faster offline cracking on supported routers
Improved chipset support including Atheros and Ralink devices
Better error handling and timeout management
Community-maintained forks (like Reaver-WPS-Fork-T6x) with bug fixes and more stable performance on modern Linux systems
Why It Matters
Wireless security is often the weakest link in home and SMB networks. Despite WPA2 encryption, the presence of WPS can expose users to brute-force attacks that circumvent complex passwords altogether. Reaver helps uncover these risks before attackers do. By demonstrating the real-world implications of enabling WPS, security professionals can advocate for safer configuration practices and stronger wireless defenses.
Requirements and Platform Support
Reaver runs on:
Linux distributions (especially Kali Linux and Pentoo)
OpenWRT routers (via compiled binaries)
In both cases it needs a compatible wireless adapter that supports monitor mode and packet injection (e.g., Alfa AWUS036NHA).
It requires:
Root privileges to manage wireless interfaces
A wireless card with support for monitor mode
Aircrack-ng suite or the wash utility for WPS detection
Reaver is open-source and available for free on GitHub and security-focused Linux distributions. Community documentation and tutorials make it accessible even to those new to wireless security testing.