\documentclass[10pt,a4paper]{article} % Packages \usepackage{fancyhdr} % For header and footer \usepackage{multicol} % Allows multicols in tables \usepackage{tabularx} % Intelligent column widths \usepackage{tabulary} % Used in header and footer \usepackage{hhline} % Border under tables \usepackage{graphicx} % For images \usepackage{xcolor} % For hex colours %\usepackage[utf8x]{inputenc} % For unicode character support \usepackage[T1]{fontenc} % Without this we get weird character replacements \usepackage{colortbl} % For coloured tables \usepackage{setspace} % For line height \usepackage{lastpage} % Needed for total page number \usepackage{seqsplit} % Splits long words. %\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely. \usepackage[normalem]{ulem} % For underlining links % Most of the following are not required for the majority % of cheat sheets but are needed for some symbol support. \usepackage{amsmath} % Symbols \usepackage{MnSymbol} % Symbols \usepackage{wasysym} % Symbols %\usepackage[english,german,french,spanish,italian]{babel} % Languages % Document Info \author{jlunz} \pdfinfo{ /Title (reaver-cheat-sheet.pdf) /Creator (Cheatography) /Author (jlunz) /Subject (Reaver Cheat Sheet) } % Lengths and widths \addtolength{\textwidth}{6cm} \addtolength{\textheight}{-1cm} \addtolength{\hoffset}{-3cm} \addtolength{\voffset}{-2cm} \setlength{\tabcolsep}{0.2cm} % Space between columns \setlength{\headsep}{-12pt} % Reduce space between header and content \setlength{\headheight}{85pt} % If less, LaTeX automatically increases it \renewcommand{\footrulewidth}{0pt} % Remove footer line \renewcommand{\headrulewidth}{0pt} % Remove header line \renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit % This two commands together give roughly % the right line height in the tables \renewcommand{\arraystretch}{1.3} \onehalfspacing % Commands \newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{E30E0E} \definecolor{LightBackground}{HTML}{FDEFEF} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Reaver Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{jlunz} via \textcolor{DarkBackground}{\uline{cheatography.com/147470/cs/32070/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}jlunz \\ \uline{cheatography.com/jlunz} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Not Yet Published.\\ Updated 17th May, 2022.\\ Page {\thepage} of \pageref{LastPage}. \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{multicols*}{2} \begin{tabularx}{8.4cm}{x{2.8 cm} x{5.2 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Required Arguments}} \tn % Row 0 \SetRowColor{LightBackground} -i, -{}-interface=\textless{}wlan\textgreater{} & Name of the monitor-mode interface to use \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} -b, -{}-bssid=\textless{}mac\textgreater{} & BSSID of the target AP \tn % Row Count 4 (+ 2) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{2.96 cm} x{5.04 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Optional Arguments}} \tn % Row 0 \SetRowColor{LightBackground} -m, -{}-mac=\textless{}mac\textgreater{} & MAC of the host system \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} -e, -{}-essid=\textless{}ssid\textgreater{} & ESSID of the target AP \tn % Row Count 4 (+ 2) % Row 2 \SetRowColor{LightBackground} -c, -{}-channel=\textless{}channel\textgreater{} & Set the 802.11 channel for the interface (implies -f) \tn % Row Count 7 (+ 3) % Row 3 \SetRowColor{white} -o, -{}-out-file=\textless{}file\textgreater{} & Send output to a log file {[}stdout{]} \tn % Row Count 9 (+ 2) % Row 4 \SetRowColor{LightBackground} -s, -{}-session=\textless{}file\textgreater{} & Restore a previous session file \tn % Row Count 11 (+ 2) % Row 5 \SetRowColor{white} -C, -{}-exec=\textless{}command\textgreater{} & Execute the supplied command upon successful pin recovery \tn % Row Count 14 (+ 3) % Row 6 \SetRowColor{LightBackground} -D, -{}-daemonize & Daemonize reaver \tn % Row Count 16 (+ 2) % Row 7 \SetRowColor{white} -f, -{}-fixed & Disable channel hopping \tn % Row Count 17 (+ 1) % Row 8 \SetRowColor{LightBackground} -5, -{}-5ghz & Use 5GHz 802.11 channels \tn % Row Count 18 (+ 1) % Row 9 \SetRowColor{white} -v, -{}-verbose & Display non-critical warnings (-vv or -vvv for more) \tn % Row Count 21 (+ 3) % Row 10 \SetRowColor{LightBackground} -q, -{}-quiet & Only display critical messages \tn % Row Count 23 (+ 2) % Row 11 \SetRowColor{white} -h, -{}-help & Show help \tn % Row Count 24 (+ 1) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{3.2 cm} x{4.8 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Advanced Options}} \tn % Row 0 \SetRowColor{LightBackground} -p, -{}-pin=\textless{}wps pin\textgreater{} & Use the specified pin (may be arbitrary string or 4/8 digit WPS pin) \tn % Row Count 3 (+ 3) % Row 1 \SetRowColor{white} -d, -{}-delay=\textless{}seconds\textgreater{} & Set the delay between pin attempts {[}1{]} \tn % Row Count 5 (+ 2) % Row 2 \SetRowColor{LightBackground} -l, -{}-lock-delay=\textless{}seconds\textgreater{} & Set the time to wait if the AP locks WPS pin attempts {[}60{]} \tn % Row Count 8 (+ 3) % Row 3 \SetRowColor{white} -g, -{}-max-attempts=\textless{}num\textgreater{} & Quit after num pin attempts \tn % Row Count 10 (+ 2) % Row 4 \SetRowColor{LightBackground} -x, -{}-fail-wait=\textless{}seconds\textgreater{} & Set the time to sleep after 10 unexpected failures {[}0{]} \tn % Row Count 13 (+ 3) % Row 5 \SetRowColor{white} -r, -{}-recurring-delay=\textless{}x:y\textgreater{} & Sleep for y seconds every x pin attempts \tn % Row Count 15 (+ 2) % Row 6 \SetRowColor{LightBackground} -t, -{}-timeout=\textless{}seconds\textgreater{} & Set the receive timeout period {[}10{]} \tn % Row Count 17 (+ 2) % Row 7 \SetRowColor{white} -T, -{}-m57-timeout=\textless{}seconds\textgreater{} & Set the M5/M7 timeout period {[}0.40{]} \tn % Row Count 19 (+ 2) % Row 8 \SetRowColor{LightBackground} -A, -{}-no-associate & Do not associate with the AP (association must be done by another application) \tn % Row Count 23 (+ 4) % Row 9 \SetRowColor{white} -N, -{}-no-nacks & Do not send NACK messages when out of order packets are received \tn % Row Count 26 (+ 3) % Row 10 \SetRowColor{LightBackground} -S, -{}-dh-small & Use small DH keys to improve crack speed \tn % Row Count 28 (+ 2) % Row 11 \SetRowColor{white} -L, -{}-ignore-locks & Ignore locked state reported by the target AP \tn % Row Count 30 (+ 2) \end{tabularx} \par\addvspace{1.3em} \vfill \columnbreak \begin{tabularx}{8.4cm}{x{3.2 cm} x{4.8 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Advanced Options (cont)}} \tn % Row 12 \SetRowColor{LightBackground} -E, -{}-eap-terminate & Terminate each WPS session with an EAP FAIL packet \tn % Row Count 3 (+ 3) % Row 13 \SetRowColor{white} -n, -{}-nack & Target AP always sends a NACK {[}Auto{]} \tn % Row Count 5 (+ 2) % Row 14 \SetRowColor{LightBackground} -w, -{}-win7 & Mimic a Windows 7 registrar {[}False{]} \tn % Row Count 7 (+ 2) % Row 15 \SetRowColor{white} -K, -Z, -{}-pixie-dust & Run pixiedust attack \tn % Row Count 9 (+ 2) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Reaver Examples}} \tn % Row 0 \SetRowColor{LightBackground} \{\{width=50\}\} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} & Usually, the only required arguments to Reaver are the interface name and the BSSID of the target AP. \tn % Row Count 6 (+ 6) % Row 1 \SetRowColor{white} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -vv & It is suggested that you run Reaver in verbose mode in order to get more detailed information about the attack as it progresses. \tn % Row Count 13 (+ 7) % Row 2 \SetRowColor{LightBackground} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -c \textless{}channel\textgreater{} -e \textless{}essid\textgreater{} & The channel and SSID (provided that the SSID is not cloaked) of the target AP will be automatically identified by Reaver, unless explicitly specified on the command line. \tn % Row Count 22 (+ 9) % Row 3 \SetRowColor{white} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -{}-dh-small & Since version 1.3, Reaver implements the small DH key optimization which can speed up the attack speed. \tn % Row Count 28 (+ 6) % Row 4 \SetRowColor{LightBackground} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -{}-fixed & By default, if the AP switches channels, Reaver will also change its channel accordingly. However, this feature may be disabled by fixing the interface's channel. \tn % Row Count 37 (+ 9) \end{tabularx} \par\addvspace{1.3em} \vfill \columnbreak \begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Reaver Examples (cont)}} \tn % Row 5 \SetRowColor{LightBackground} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -{}-mac=\textless{}spoofed MAC\textgreater{} & When spoofing your MAC address, you must set the desired address to spoof using the ifconfig utility, and additionally tell Reaver what the spoofed address is. \tn % Row Count 8 (+ 8) % Row 6 \SetRowColor{white} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -t \textless{}sec\textgreater{} & The default receive timeout period is 5 seconds. This timeout period can be set manually if necessary (minimum timeout period is 1 second). \tn % Row Count 15 (+ 7) % Row 7 \SetRowColor{LightBackground} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -d \textless{}sec\textgreater{} & The default delay period between pin attempts is 1 second. This value can be increased or decreased to any non-negative integer value. A value of zero means no delay. \tn % Row Count 24 (+ 9) % Row 8 \SetRowColor{white} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -{}-lock-delay=\textless{}sec\textgreater{} & Some APs will temporarily lock their WPS state, typically for five minutes or less, when "suspicious" activity is detected. By default when a locked state is detected, Reaver will check the state every 315 seconds (5 minutes and 15 seconds) and not continue brute forcing pins until the WPS state is unlocked. This check can be increased or decreased to any non-negative integer value. \tn % Row Count 44 (+ 20) \end{tabularx} \par\addvspace{1.3em} \vfill \columnbreak \begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Reaver Examples (cont)}} \tn % Row 9 \SetRowColor{LightBackground} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -T \textless{}sec, .2-1sec\textgreater{} & The default timeout period for receiving the M5 and M7 WPS response messages is .1 seconds. This timeout period can be set manually if necessary (max timeout period is 1 second). \tn % Row Count 9 (+ 9) % Row 10 \SetRowColor{white} reaver -i \textless{}interface\textgreater{} -b \textless{}MAC\textgreater{} -{}-fail-wait=\textless{}sec\textgreater{} & sending an EAP FAIL message to close out a WPS session is sometimes necessary. By default this feature is disabled, but can be enabled for those APs that need it. When 10 consecutive unexpected WPS errors are encountered, a warning message will be displayed. Since this may be a sign that the AP is rate limiting pin attempts or simply being overloaded, a sleep can be put in place that will occur whenever these warning messages appear. \tn % Row Count 31 (+ 22) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} % That's all folks \end{multicols*} \end{document}