How To Hack Wifi WPA And WPA2 Without Using Wordlist In Kali Linux OR Hacking Wifi Through Reaver

In this tutorial, we will delve into the intriguing world of WiFi hacking without the need for a wordlist. You can also refer to this as hacking WiFi passwords using the Reaver method. Before we begin, it is crucial to emphasize that this information is intended solely for educational purposes. We do not endorse or support any illegal activities, and this guide is meant for ethical use only. So. Lets start How To Hack Wifi Without Using Wordlist Or Hacking Wifi Password Using Reaver Method 



1.   Kali Linux – Operation System in Your System or In Your Flash Disk (USB Pendrive)
2.   4GB or Above Pendrive
4.   Access to WiFi networks nearby with excellent signal strength to expedite the hacking process.


  • Before we proceed, it's important to understand the limitations of this method:
  • This method can only hack WiFi routers with WPS (WiFi Protected System) enabled.
  • It cannot hack routers with WPS turned on.

Understanding WPS:

WPS stands for WiFi Protected System, a security protocol enabled on some routers. It is considered one of the most effective methods to hack WiFi networks, but it comes with its own set of limitations. Some routers with WPS enabled are further secured by a feature called "AP Rate Limiting." If you encounter a network with this security measure, it is advisable to move on to another network.

  1. To date, no known method can break the security system of AP Rate Limiting. We may explore this further in future posts.
  2. WPA and WPA2 networks can typically only be hacked using a wordlist, which employs a Brute Force Attack with a relatively low probability of success (around 35%).
  3. However, the Reaver method boasts a 100% success rate, provided AP Rate Limiting is not in place.
  4. Therefore, it is advisable to opt for the Reaver method if WPS is available on the target network.
  5. Additionally, the Reaver method is more time-efficient compared to a Brute Force or Dictionary Attack.
  6. If the target network has an excellent signal strength, and your system is in good condition, the hack can be completed in as little as 5 to 18 hours.

How To Hack Wifi WPA/WPA2 - WPS Enabled Netork without Using Wordlist

Step 1: Open Terminal and type "ifconfig"  (Optional)

Step 2:  Here I will be selecting wlan0 as my interface

             And the Next Command Is  “airmon-ng start wlan0”

Step 3: Now you can see the available supplicants and the interfaces 

Step 4:  There are two options from here on, you can either kill the supplicants or move on with the other command. 

1)   By Using Kill Command and Stopping the Wlan0 Supplicants

    2)   By Using the Command "airodump-ng mon0" instead of kill and the next  
                                command is  "airodump-ng wlan0"

 Here i used "Kill" Command to kill the supplicants, you can follow any of these   methods

Step 5: Now Type The Following Command "airodump-ng wlan0"

For Kali Linux 2016 and later on versions,  type "airodump-ng wlan0mon"

Step 6: Here you can see all the available wifi networks 

Step 7:  Press "CTRL + C" to stop the search

Step 8: Type "wash -i wlan0mon" 
if that doesn't work type "wash -i mon0"
Wash is a tool used to search for all the wps enabled networks around you. 

Step 9:  Here are the wps enabled networks available around me :p. 

Note:  Reaver can hack networks for which WPS is enabled and not locked, which can be seen below. In the WPS Locked Column. If it says

 "Yes" - reaver can not hack such networks 
  "NO" -- Reaver can hack those networks 

Step 10: Press "CTRL + C" to stop the search and select a network that you want to hack

 Step 11: Copy the "BSSID" of the network

Step 12: Now time to hack the network using Reaver :p 
"Reaver -i mon0 -b bssid -vv"

Here bssid = the mac address or the bssid  that you copied earlier
          mon0= Interface (you can either use wlan0 or mon0 or wlan0mon in Kali 2016 or higher)

Step 13: Now reaver starts its program and the Hacking Starts, you need to wait till it completes it's hack(100%)

Reaver takes at least 6-18 hours to hack the network password, so please be patient and let it do its work. WPS pin contains 99999999 combinations, so it might take a while to crack it. 

After reaching 100% you can see the password of that network, as it takes a lot of time I am not able to show you the password of that network. But can guarantee you that this is the best and easiest way to hack wifi wpa and wpa2 password

Reaver can hack routers which are manufactured before 2012, later on manufactured discovered the flaw and modified in such a way that, when someone try to brute force wps pin, it automatically locks the wps system which is a disadvantage to reaver.


If you face this Error, most likely you should stop using this reaver attack and go for Evil Twin Method, which can Hack any router but with user's Interference.  

The Reason for getting this Error is WPS Protection is turned "ON" on the victim's Router. We cannot hack WPS locked router's using Reaver, you need to use evil twin attack to hack WPS locked networks, that's the only method as of now.

If you get an error of AP Rate Limiting then try using the following commands, for very few router's this command will work

So, if you face any kind of issue check for the error and type "reaver --help"

and if its like the problem with nack

type the command
 "reaver -bssid routermac --channel number -i mon0 -A -vvv --no-nacks"

“reaver –i mon0 –b bssid –d 30 –vv –dh-small”

AP rate limiting cannot be cracked using reaver attack, nowadays almost all the routers come with WPS lock turned on so this might not work on all the routers.

                                                    Never Give Up

How to Secure Yourself from Reaver Attack:

If You don’t want to be a victim of Rever Attack, replace your very old routers with new one or simply disable WPS from your Router’s control panel.

Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.


Unknown said...

by this method i can hack all wifi of wpa wpa2 protocols ans me plzzzz

Unknown said...

Nicely Illustrated and defined. Thanks man next time again in AP limitation

Unknown said...

hi am clif, i recently got a .cap file from a wifi network WPA2 but each time i try to crack it using the 'sqlmap.txt' dictionary in kali, my computer just over heats and shutdown after only about 8733 keys have been tested. this is my email

Bhuban Baral said...

when i type the command “reaver –i mon0 –b bssid -vv” it says Input/Output error where am i wrong?

Post a Comment