Reaver Pro

Notify me when Reaver Pro is available!

Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.

WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point's PIN and then extract the PSK and give it to the attacker.

Current attacks against WPA networks involve the computation of rainbow tables based on a dictionary of potential keys and the name (SSID) of the network being attacked. Rainbow tables must be re-generated for each network encountered and are only successful if the PSK is a dictionary word. However, Reaver is not restricted by the limitations of traditional dictionary-based attacks. Reaver is able to extract the WPA PSK from the access point within 4 - 10 hours and roughly 95% of modern consumer-grade access points ship with WPS enabled by default.

You can find the free, open source version of Reaver at Google Code

Tactical Network Solutions is now pleased to offer a commercial version of Reaver called Reaver Pro. Reaver Pro is a dedicated hardware solution that allows operators to effortlessly conduct WPS attacks via a graphcial web interface. The hardware is preconfigured and tested for field use, operators only have to plug it and start the attack. Simply connect a laptop to the ethernet port and open a web browser- you'll automatically be redirected to the Reaver Attack Interface. 

Unfortunately, the first limited edition run of Reaver Pro is now sold out.