explaingit

ymsniper/kto

Analysis updated 2026-05-18

134PythonAudience · ops devopsComplexity · 3/5Setup · moderate

TLDR

KTO (Kick Them Out) is a Python tool for authorized Wi-Fi security testing that continuously deauthenticates all non-whitelisted devices from a target network.

Mindmap

mindmap
  root((KTO))
    What it does
      Scans Wi-Fi devices
      Deauthenticates targets
      Repeats continuously
    Tech stack
      Python
      Scapy
      aircrack-ng
    Use cases
      Authorized pentesting
      Device whitelisting
      Passive monitoring
    Requirements
      Root access
      Explicit permission

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Continuously scan a Wi-Fi network and deauthenticate all connected devices except whitelisted ones, for authorized security testing.

USE CASE 2

Protect specific devices during a test by whitelisting their hardware addresses from the command line or a file.

USE CASE 3

Log every disconnection event with a timestamp, or run in passive mode to only discover devices without disconnecting them.

What is it built with?

PythonScapyaircrack-ng

How does it compare?

ymsniper/ktolynote-ai/ai-detector-skillrss3208/visiomaster
Stars134134134
LanguagePythonPythonPython
Setup difficultymoderateeasyhard
Complexity3/52/53/5
Audienceops devopsgeneralresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Python 3.10+, Scapy, the aircrack-ng suite, and root privileges, only use on networks you're authorized to test.

The README does not state a license.

In plain English

KTO, short for Kick Them Out, is a Python tool for disconnecting devices from a Wi-Fi network. It works by sending deauthentication frames, which are a standard part of the Wi-Fi protocol that tell a device it has been disconnected from an access point. The tool is intended for authorized security testing on networks you own or have permission to test. The README prominently warns that using it on networks without explicit permission is illegal in most places. The tool automates what would otherwise be a manual process. Other tools that do this require you to already know the hardware addresses of specific devices, manually target each one, and run the command again if a device reconnects. KTO instead continuously scans the target network, builds a live list of connected devices, deauthenticates all of them except those you have placed on a whitelist, and repeats the cycle. Devices that reconnect get caught on the next sweep without any manual intervention. A whitelist lets you protect specific devices by their hardware address, either entered directly on the command line or read from a file. This is useful when testing your own network and you do not want your own phone or computer to be disconnected. An aggressive mode runs the scanning and disconnection steps in parallel to close the window during which a device could reconnect between sweeps. The tool can display a live table of connected devices in the terminal, log every disconnection event to a file with a timestamp, and optionally run in a passive mode that only discovers and records devices without sending any disconnection frames. It also detects whether the target access point has a security feature called Protected Management Frames enabled, which causes modern devices to ignore deauthentication frames, and warns you if that is the case. KTO requires Python 3.10 or newer, the Scapy networking library, and the aircrack-ng suite of wireless tools. It must be run as root.

Copy-paste prompts

Prompt 1
Explain how to set up a device whitelist so my own phone isn't disconnected during a test.
Prompt 2
Walk me through running this tool in passive mode to just list connected devices without disconnecting them.
Prompt 3
How does aggressive mode reduce the chance of a device reconnecting between scan sweeps?
Prompt 4
What does it mean if this tool warns that Protected Management Frames are enabled on the target network?

Frequently asked questions

What is kto?

KTO (Kick Them Out) is a Python tool for authorized Wi-Fi security testing that continuously deauthenticates all non-whitelisted devices from a target network.

What language is kto written in?

Mainly Python. The stack also includes Python, Scapy, aircrack-ng.

What license does kto use?

The README does not state a license.

How hard is kto to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is kto for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.