Bully WPS attack

Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture.

Bully provides several improvements in the detection and handling of anomalous scenarios. It has been tested against access points from numerous vendors, and with differing configurations, with much success.

You must already have Wiire's Pixiewps installed. The latest version can be found here: https://github.com/wiire/pixiewps.


apt-get -y install build-essential libpcap-dev libssl-dev aircrack-ng pixiewps


git clone https://github.com/aanarchyy/bully
wget https://github.com/aanarchyy/bully/archive/master.zip && unzip master.zip


cd bully*/
cd src/


make install

-d // --pixiewps

The -d option performs an offline attack, Pixie Dust (pixiewps), by automatically passing the PKE, PKR, E-Hash1, E-Hash2, E-Nonce and Authkey. pixiewps will then try to attack Ralink, Broadcom and Realtek chipsets.


Password Attacks, Setting Up, Training, Wireless Attacks