Introduction

I've seen many posts in forums enquiring about the possibility of cracking a WPA passphrase without de-authenticating a wireless client and collecting the handshake. 99.99% of the time, the response has been that such a task is impossible. This is quite disappointing to see, as it is certainly not impossible. Just because it's not built into automated tools such as aircrack-ng or cowpatty doesn't mean it cannot be done. All that's required is a little lateral thinking and some ingenuity.

Before I carry on, fair warning that this current implementation is dog-slow. It attempts to establish a connection with an AP for every guess, and once collisions, delays, retransmissions etc. are taken into account, we're currently looking at a few seconds per guess. However, the idea of the tool is to provide a PoC. I'm sure there are more efficient ways of doing this, but I wanted to demonstrate that you cannot always rely on automated tools to hold your hand.

Mjölnir

The script is called Mjölnir (the Norse name of Thor's Hammer). It is a simple wrapper around the wpa_supplicant and wpa_cli tools, which takes some input from the user and runs loops attempting to establish a connection to the AP with each candidate passphrase.

Click here to download:
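Because the approach above works by repeatedly associating with the access point and failing the 4-way handshake for every wrong guess, it leaves a clear footprint on the AP side. The following detection routine is an added example (not part of the original post or the Mjölnir script): it scans hostapd-style log lines for the AP-STA-POSSIBLE-PSK-MISMATCH event, which hostapd emits when a station completes association but fails the handshake MIC check, and flags any station MAC that produces many such events inside a short window. The timestamp prefix, the sample log lines and the threshold values are assumptions constructed for this example; hostapd itself does not timestamp its output, so the exact line layout depends on how its messages are collected.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches a hostapd "possible PSK mismatch" event. The ISO timestamp prefix is
# an assumption of this example (normally added by syslog or a log shipper).
MISMATCH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"(?P<iface>\S+): AP-STA-POSSIBLE-PSK-MISMATCH "
    r"(?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$"
)


def parse_mismatch(line):
    """Return (timestamp, station_mac) for a PSK-mismatch line, else None."""
    m = MISMATCH_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group("ts")), m.group("sta")


def find_psk_guessers(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window detector for online PSK guessing.

    Returns {station_mac: time_first_flagged} for every station that produced
    at least `threshold` PSK-mismatch events within any span of length `window`.
    A legitimate user who mistypes the passphrase once or twice stays below
    the threshold; a guessing loop that retries every few seconds does not.
    """
    recent = defaultdict(deque)  # station_mac -> timestamps inside the window
    flagged = {}
    for line in lines:
        parsed = parse_mismatch(line)
        if parsed is None:
            continue  # associations, connects, other noise: not relevant here
        ts, sta = parsed
        q = recent[sta]
        q.append(ts)
        # Drop events that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and sta not in flagged:
            flagged[sta] = ts
    return flagged


# Constructed sample log: one user (…:11) mistypes once and then connects,
# while a second station (…:aa) fails the handshake every four seconds.
SAMPLE_LOG = """
2024-05-01T10:00:00 wlan0: STA 02:00:00:00:00:11 IEEE 802.11: associated
2024-05-01T10:00:01 wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:00:00:00:00:11
2024-05-01T10:00:05 wlan0: STA 02:00:00:00:00:11 IEEE 802.11: associated
2024-05-01T10:00:06 wlan0: AP-STA-CONNECTED 02:00:00:00:00:11
2024-05-01T10:01:00 wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:00:00:00:00:aa
2024-05-01T10:01:04 wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:00:00:00:00:aa
2024-05-01T10:01:08 wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:00:00:00:00:aa
2024-05-01T10:01:12 wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:00:00:00:00:aa
2024-05-01T10:01:16 wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:00:00:00:00:aa
2024-05-01T10:01:20 wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:00:00:00:00:aa
""".strip().splitlines()


if __name__ == "__main__":
    for sta, when in find_psk_guessers(SAMPLE_LOG).items():
        print(f"{when.isoformat()} possible online PSK guessing from {sta}")
```

The threshold and window are the knobs to tune: at the few-seconds-per-guess rate the post describes, five mismatches in sixty seconds is comfortably above what a human retyping a passphrase produces, and a matched station can then be rate-limited or blocked at the AP.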