Collection of payloads for the WiFi Pineapple Pager by Hak5.
This repository contains custom payloads for automatically and manually cracking WPA/WPA2 handshakes directly on the WiFi Pineapple Pager, plus tools for managing wordlists.
Path: library/alerts/handshake_captured/auto_crack/
Automatically attempts to crack WPA handshakes using aircrack-ng immediately when captured.
Features:
- Runs automatically on handshake capture
- Configurable timeout to prevent resource exhaustion
- Logs all successful cracks with timestamps
- Vibration and alert notifications on success
Path: library/user/exfiltration/handshake_cracker/
Manual payload for cracking handshakes with full control and detailed feedback.
Features:
- Interactive handshake selection
- Progress tracking with spinner
- Success notifications (visual, audio, haptic)
- Persistent results log
Path: library/user/general/wordlist_manager/
Utility for downloading and managing password wordlists.
Features:
- Auto-download common wordlists from public repos
- Wordlist statistics and organization
- Internet connectivity verification
SSH into your Pager and install required tools:
opkg update
opkg install aircrack-ngcd /root
git clone https://github.com/sinXne0/pineapple-pager-payloads.git# Copy alert payloads
cp -r pineapple-pager-payloads/library/alerts/handshake_captured/auto_crack /root/payloads/alerts/handshake_captured/
# Copy user payloads
cp -r pineapple-pager-payloads/library/user/exfiltration/handshake_cracker /root/payloads/user/exfiltration/
cp -r pineapple-pager-payloads/library/user/general/wordlist_manager /root/payloads/user/general/
# Make executable
chmod +x /root/payloads/alerts/handshake_captured/auto_crack/payload.sh
chmod +x /root/payloads/user/exfiltration/handshake_cracker/payload.sh
chmod +x /root/payloads/user/general/wordlist_manager/payload.shRun the Wordlist Manager from your Pager dashboard or manually upload:
scp rockyou.txt root@172.16.42.1:/root/wordlists/Enable the Auto Handshake Cracker alert or run the Interactive Cracker manually from the dashboard.
- Enable "Auto Handshake Cracker" alert payload in Pager settings
- Configure with small wordlist (1k-10k passwords recommended)
- Start wireless recon
- Payloads automatically crack each captured handshake
- Check
/root/crack_results.logfor passwords
- Capture handshakes via recon
- Run "Interactive Handshake Cracker" from dashboard
- Follow on-screen prompts
- Receive instant notification when cracked
- View results in
/root/cracked_passwords.txt
| Wordlist Size | Crack Time | Recommended Use |
|---|---|---|
| 1,000 passwords | 1-2 minutes | Auto-cracker, quick testing |
| 10,000 passwords | 5-15 minutes | Auto-cracker, common passwords |
| 100,000 passwords | 30-90 minutes | Manual cracking only |
| 1,000,000+ passwords | Hours-Days | Not recommended - use offline |
Tip: The Pager has limited CPU power. For large wordlists, export handshakes and use hashcat on a laptop/desktop with GPU acceleration.
library/
├── alerts/
│ └── handshake_captured/
│ └── auto_crack/
│ ├── payload.sh
│ └── README.md
└── user/
├── exfiltration/
│ └── handshake_cracker/
│ ├── payload.sh
│ └── README.md
└── general/
└── wordlist_manager/
├── payload.sh
└── README.md
- WiFi Pineapple Pager (firmware 1.0.0+)
aircrack-ng(install viaopkg install aircrack-ng)- At least one wordlist file
- Internet connectivity for Wordlist Manager
Each payload includes configuration variables at the top of payload.sh:
WORDLIST="/root/wordlists/rockyou.txt" # Path to wordlist
MAX_CRACK_TIME=300 # Timeout in seconds
ENABLE_LOGGING=true # Log results
VIBRATE_ON_SUCCESS=true # Vibrate on successWORDLIST_DIR="/root/wordlists"
DEFAULT_WORDLIST="$WORDLIST_DIR/rockyou.txt"
HANDSHAKE_DIR="/root/loot/handshakes"
RESULTS_FILE="/root/cracked_passwords.txt"opkg update
opkg install aircrack-ngRun the Wordlist Manager payload or manually upload:
scp wordlist.txt root@172.16.42.1:/root/wordlists/- Verify handshakes are in
/root/loot/handshakes/ - Check file format (must be
.pcapor.cap) - Ensure handshakes are complete and valid
- Use smaller wordlists
- Reduce
MAX_CRACK_TIMEfor auto-cracker - Connect USB-C power during long crack sessions
- common-passwords.txt (1k) - Quick wins
- rockyou-top10k.txt (10k) - Best balance
- wifi-defaults.txt - Router default passwords
✅ Testing your own networks ✅ Authorized penetration testing with written permission ✅ Educational/research in controlled environments ✅ Security assessments with client authorization
❌ Testing networks without permission ❌ Accessing neighbor's WiFi ❌ Public WiFi cracking ❌ Any unauthorized network access
Unauthorized access to computer networks is illegal and punishable by law.
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Follow the Hak5 payload standards
- Test thoroughly on actual hardware
- Submit a pull request
- Add GPU offload support
- Implement John the Ripper integration
- Add custom rule-based cracking
- Improve handshake selection UI
- Add hashcat integration
- Initial release
- Auto Handshake Cracker (alert payload)
- Interactive Handshake Cracker (user payload)
- Wordlist Manager (user payload)
- Complete documentation
- Author: sinX
- Platform: WiFi Pineapple Pager by Hak5
- Cracking Engine: aircrack-ng
- Wordlists: SecLists, Weakpass, Community
These payloads are provided as-is for authorized security testing purposes only.
Use at your own risk. Author is not responsible for misuse or illegal activities.
- Issues: GitHub Issues
- Documentation: See individual payload README files
- Hak5 Forums: forums.hak5.org
Made with ❤️ for the Hak5 community