fluxionnetwork/fluxion

★ 5,692HTMLAudience · ops devopsComplexity · 4/5Setup · hard

Mindmap

mindmap
  root((Fluxion))
    How it works
      Scan target network
      Capture handshake
      Create fake AP
      Show captive portal
    Requirements
      Kali Linux
      External Wi-Fi card
      Monitor mode support
    Limitations
      No Windows WSL
      Authorization required
    Installation
      Clone and run script
      BlackArch package

mindmap root((Fluxion)) How it works Scan target network Capture handshake Create fake AP Show captive portal Requirements Kali Linux External Wi-Fi card Monitor mode support Limitations No Windows WSL Authorization required Installation Clone and run script BlackArch package

Click or tap to explore — scroll the page freely

Things people build with this

USE CASE 1

Audit a Wi-Fi network you are authorized to test by simulating a social engineering credential capture attack

USE CASE 2

Capture a WPA handshake from a target network during an authorized penetration test

USE CASE 3

Test whether users at an organization will submit their Wi-Fi password to a fake router login page

USE CASE 4

Verify that a submitted password matches a captured handshake to confirm credential recovery

Tech stack

HTMLLinuxBash

Getting it running

Difficulty · hard Time to first run · 1h+

Requires Kali Linux with an external Wi-Fi adapter that supports monitor mode, does not work on Windows Subsystem for Linux.

In plain English

Fluxion is a wireless security auditing tool that tests whether a Wi-Fi network's password can be retrieved through a social engineering technique. It is designed for security researchers and penetration testers who have authorization to test the networks they are targeting. The README states explicitly that using it against infrastructure without the owner's permission is illegal and discouraged. The way it works starts with scanning for a target wireless network and capturing what is called a handshake, a piece of data exchanged when a device connects to the network. That handshake is used later to verify whether a password attempt is correct. Fluxion then creates a fake duplicate of the real access point and runs software that disconnects devices from the legitimate network, pushing them toward the fake one. Users who reconnect through the fake network are shown a captive portal, which is a web page resembling a router login screen asking them to re-enter their Wi-Fi password. Any password submitted through that page is checked against the captured handshake, and once the correct one is entered, the tool stops and logs it. Fluxion runs on Linux and is best suited for Kali Linux, a distribution built for security testing. It requires an external Wi-Fi card in most cases to support the monitor mode needed for these operations. It does not work on Windows Subsystem for Linux because that environment lacks access to wireless hardware. Installation is done by cloning the repository and running the provided shell script, which checks for missing dependencies and offers to install them. It is also available as a package in the BlackArch Linux repository. The setup is described as mostly manual, with an experimental automatic mode covering some steps.

Copy-paste prompts

Prompt 1

I am running Fluxion on Kali Linux for an authorized pentest. Walk me through the steps from scanning for a target to capturing the Wi-Fi password.

Prompt 2

What external Wi-Fi adapter should I use with Fluxion to support monitor mode and packet injection on Kali Linux?

Prompt 3

How do I install Fluxion on Kali Linux and check that all required dependencies are present?

Prompt 4

How does Fluxion verify that a password submitted through the captive portal is correct using the captured WPA handshake?

Open on GitHub → Explain another repo

← fluxionnetwork on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.