▄▖ ▄▖▌ ▗ ▄▖ ▗ ▌ ▌
▌▌▛▌█▌▚ ▛▌▛▌▜▘▄▖▙▖▚▘▜▘█▌▛▌▛▌█▌▛▌
▙▌▌▌▙▖▄▌▌▌▙▌▐▖ ▙▖▞▖▐▖▙▖▌▌▙▌▙▖▙▌
This tool performs various WPS attacks without the requirement of monitor mode.
This is an improved version of the original OneShot
- Highlighting of a vulnerable WPS version (
1.0) in the scanner - Ability to save the AP right into the Network Manager of your system
- Ability to kill/restore interfering processes using the same interface
- Minor changes (e.g,
WPA3TMindication, bettervulnwscdetection,RF-Killhandling) - Improved Scanner reliability (retries,
updetection,lockdetection) - Improved Android support
- Many new command arguments and features
- Works on modern python versions (
>3.10)
- PIN/Null PIN and Push button connection
- Pixie Dust attack
- Online WPS bruteforce
- Offline WPS PIN generating algorithm
- Wi-Fi scanner with highlighting based on iw;
- Ability to save the AP to network manager
- Ability to write to a file
Required arguments:
-i, --interface INTERFACE
Name of the interface to use
-b, --bssid BSSID BSSID of the target AP
Attack Modes:
-p, --pin PIN Use the specified pin (arbitrary string or 4/8 digit pin)
-N, --null-pin Use a null pin
-P, --pixie-dust Run Pixie Dust attack
-B, --bruteforce Run online bruteforce attack
--pbc, --push-button-connect
Run WPS push button connection
Optional arguments:
-k, --kill Automatically kill processes interfering with the wireless interface
-r, --restore Restore killed interfering processes on exit (--kill)
-w, --write Write credentials to the file on success
-s, --save Save the AP to network manager on success
-l, --loop Run in a loop
-c, --clear Clear the screen on every wi-fi scan
-d, --delay DELAY Set a delay between pin attempts in seconds (default: 0)
-t, --timeout TIMEOUT
Set the timeout for retrying after WPS lock (default: 60)
Advanced Arguments:
-F, --pixie-force Run Pixiewps with --force option (bruteforce full range)
-S, --show-pixie Print pixiewps command and related data
-I, --iface-down Down network interface when the work is finished
-M, --mtk-wifi Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit
-D, --dont-touch-settings
Don't touch the Android Wi-Fi settings on startup and exit
--reverse-scan Reverse order of networks in the list of networks. Useful on small displays
--vuln-list VULN_LIST
Use custom file with vulnerable devices list
-v, --verbose Verbose output
-h, --help Show this help message and exit
On Termux:
pkg install -y root-repo
pkg install -y git tsu python wpa-supplicant pixiewps iw openssl iproute2On Linux distributions. Install these packages through your package manager:
python3 wpa-supplicant iw wget pixiewps iproute2Downloading the source:
cd ~
git clone https://github.com/chickendrop89/OneShot-Extended oseUpdating the source after a recent commit:
cd ose
git fetch
git reset --hard origin/masterPixie Dust attack:
sudo python ose.py -i wlan0 -PPixie Dust attack:
sudo python ose.py -i wlan0 -BDevice or resource busy (-16)
- This happens because some other process is using the interface.
- Turn off Wi-Fi scanners/managers or use
--killargument to stop them.- on Android, the Wi-Fi scanner is automatically disabled, and the use of
--killargument is not recommended
- on Android, the Wi-Fi scanner is automatically disabled, and the use of
The wireless interface disappears when Wi-Fi is disabled on Android devices with MediaTek SoC
- Try running Oneshot-Extended with the
--mtk-wififlag to initialize Wi-Fi device driver.
- This tool is intended for educational and authorized penetration testing purposes only.
- It is not designed for, and must not be used for, illegal activities such as hacking, unauthorized access, or causing damage to systems or networks.
- By using this tool, you agree to use it responsibly and ethically, and to comply with all applicable laws and regulations.
- The developer assumes no responsibility for any misuse of this tool.
