Warning:- This article is for research and educational purposes only. we are not responsible for anything you do or damage you cause from this article. We strongly advise to use against networks that you have permission or you have owned. For demonstration we are going to use our own network.Previously we have discussed about various WiFi penetration testing methods. Now, in this ultimate guide, we are going to discuss the easiest tool to test the security of a WiFi network using our Kali Linux system. Before starting this article we need to know that our normal computer or laptop’s WiFi usually not capable to crack WiFi networks. They normally don’t support monitor mode and packet injection. We need a capable WiFi adapter to do so. We have a list of capable WiFi adapter for monitor mode and packet injection.Let’s start, We are going to use a tool named “AngryOxide”. AngryOxide is a command line based tool written on Rust. As of now, it is not included with Kali Linux, so we need to install it from its GitHub repository.First, we start by installing Cargo on our Kali Linux system, as AngryOxide requires Cargo to run. Cargo is Rust’s build system and package manager. We can easily install it via using following simple command on our updated Kali Linux Terminal:sudo apt install cargo -yThis can take some time to install it depending on our internet speed and system configuration. In the following screenshot we can see the process.Now we are going to clone AngryOxide’s repository on our Kali Linux system by using following command.git clone https://github.com/Ragnt/AngryOxideAfter the cloning process is complete, we can navigate to the directory and view the files using the cd AngryOxide && ls command [Learn how to use Linux Terminal commands and bash scripting]. We can see the output of above commands from the following screenshot:Now we can compile it by using following command:make We can see the process of above command in the following screenshot:It may take some time depending on our system performance and internet speed. After finishing this we are gonna install this by using following command.sudo make installThe following screenshot shows the installation process.Now we can run this tool from anywhere on our computer. Suppose we need output on our Desktop then we just need to open our Terminal on our Desktop location. To do that we need to run following command:cd ~/DesktopNow we can easily run this tool. Let first we run it check the help options of this AngryOxide tool by using following command:angryoxide -hIn the following screenshot we can see the help options (menu) of AngryOxide tool.We are going to use these options to crack (better read security test) to any Wireless Network near by. Before that let we understand the working by using the options we got. In following list we are going to break down these options.Interface (-i, –interface): This is like choosing which WiFi card or adapter we want to use for testing.Channel (-c, –channel): We can think of WiFi channels like different radio stations. This option lets you choose specific channels to scan. If you don’t specify any, it will automatically scan commonly used channels 1, 6, and 11.Band (-b, –band): WiFi can operate on different frequency bands like 2.4GHz or 5GHz. This option lets you specify which band or frequency range to scan.Output Filename (-o, –output): This is where you specify the name of the file where the results of the test will be saved.Target Entry (-t, –target-entry): Here, we can specify a particular WiFi network (identified by MAC address or SSID) that we want to target for testing. If we don’t specify any, AngryOxide will test all networks it finds.Whitelist Entry (-w, –whitelist-entry): This is for specifying networks that we don’t want to attack. It’s like commanding AngryOxide, “Leave these networks alone.”Attack Rate (-r, –rate): Adjusts how aggressively the tool attacks networks.Combine (–combine): Combines output files into one for easier analysis.No active (–noactive): Disable activated Monitor mode of WiFi adapter.Autohunt (–autohunt): Automatically scans and focuses on channels where targets are found.Auto exit (–autoexit): Tells the tool to stop automatically once it has gathered all the needed data.No transmit (–notransmit): Makes the tool passive, meaning it observes without sending any data.No deauth (–nodeauth): Disables sending deauthentication frames, which are sometimes used in attacks.No tar (–notar): Prevents the tool from packaging the output files into a tar file.Disable mouse (–disablemouse): Turns off mouse capture, useful for headless operation (no graphical interface).Dwell Time (–dwell): Adjusts the time spent on each channel during scanning.First we can check network interfaces we are using on our system by using following command:ip aIn the following screenshot, we can see the network interfaces on our Kali Linux system.MAC address is hidden due to security & privacyIn the above screenshot we can see that our computer have only a wlan0 wireless network interface. We are using Kali Linux on our Desktop PC and that is an external WiFi card Alfa AWUS036NEH, if we were using a laptop then we might get two wireless network one for inbuilt wireless card another for external wireless card. in that case we have wlan0 and wlan1 as our network interface.Now we run AngryOxide tool to set our interface (wlan0) without making any noise on surrounding networks with no deauth and no transmit options. Here we requires root permissions, so our command will be as following.sudo angryoxide -i wlan0In the following screenshot we can see that our AngryOxide is running with a very beautiful command line interface and discovered some wireless networks. Here we also can see various options regarding discovered networks. Here we can use our keyboard for navigating things like q to quit, a/d to change tabs, space for pause, w/s to scrool, k for keybinds.We have hidden MAC addresses to maintain our privacy.Here for an example we have choose a WiFi network named Zero (SSID is the name of the WiFi Network). To select it we need to press down arrow key ⬇. Then we need to press 🇹 button on our keyboard to start attack on it. As we can see in the following screenshot.We can also see that we have captured 4-Way Handshake. 4-Way Handshake is capturing 4 messages (EAPOL Messages). Basically in normal language to understand this attack process we think like AngryOxide send de-authentication packets to target network (lots of packets on a network) which creates a traffic jam and all connected devices are disconnected due to overload then those connected devices or clients automatically try to connect to the network and send request to connect. Here is the catch in that request it send password also for validation. Password in the sense hash of the password. We capture the request using various applications just we are doing using AngryOxide. This capture process called handshake capturing.If we press 🇩 on our keyboard two times and go to the “Handshake” tab then we can clearly see that AngryOxide have captured handshakes successfully. Which shown in the following screenshot.Now our work is done. We can quit this by pressing 🇶 button on our keyboard.Then AngryOxide will ask for confirming the exit. Here we press 🇾 button to confirm our exit. We had run AngryOxide on our Desktop so after exit we can see a ZIP file on our Desktop. As we can see in the following screenshot.Now we can easily extract this ZIP file by right click and choosing “Extract Here” option.It will create a directory (Folder for Windows users) on our Desktop, inside that directory we can see some files.YOO! Handshake file is captured. Now what? It’s time to crack down this hash into plain text password. To do this we are going to use HashCat tool. Previously we have discussed about Hashcat.Sometimes we got the handshake (cap/pcap/pcapng) file then we need to convert it to put it on Hashcat for cracking Paswword. But AngryOxide already providing us the Hashcat format (filename.hc22000 format) which saves our some time. Lets crack this using Hashcat.We need to open a terminal window and run following command:hashcat <full-path-of-hashfile> <full-path-of-wordlist>In our case the command will be as followinghashcat /home/kali/Desktop/oxide-2024-05-01_21-14-38/Zero.hc22000 /usr/share/seclists/Passwords/WiFi-WPA/probable-v2-wpa-top447.txtHere we are using a passwordlist or wordlist which contains top 447 common passwords for WiFi cracking. We can download these kind of wordlists from internet (here we have used seclists, which can be installed on Kali Linux by sudo apt install seclists command).Hashcat is trying to crack the passwordIf the password isn’t common, then we might not find it. In that case, we need to run a dictionary attack. Which may took several years to crack a tough password depending on our System password (GPU’s are useful in this case).We intentionally put an easy password for our WiFi to demonstrate this tutorial. But with a large wordlist the chance of cracking the hash increased.In the following screenshot we can see that password for SSID named Zero is cracked.This is how we can easily capture WiFi handshake files using AngryOxide and crack WiFi password using Hashcat on Kali Linux system.Note:- This article is intended solely for educational and research purposes. We hereby absolve ourselves of any responsibility for the consequences of actions taken as a result of the information provided herein. Proceed with caution and understand that unauthorized use of the techniques described within may result in severe legal repercussions. We vehemently advise against employing these methods on networks without explicit permission from the network owner or administrator. For the purpose of demonstration, we will be conducting our experiments exclusively on our own network.Love our article? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group & Whatsapp Channel. We are striving to build a community for Linux and cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

It is said that information is power, and the sar Linux command can give you tons of useful information about your system.It is named like that for System Activity Reporter (SAR), and allows you to query information to your system, to understand what is happening or what has happened in the past.It runs in the background gathering your system information as a daemon, writing the current day to text files and converting these to binary files as midnight passes.The best thing is that it stores the data. So unlike top and many other system monitoring commands, you can get a historical view of system resource utilization.This is helpful when you want to see if a performance deterioration matches with the high resource usage at the time.Installing sar commandThe sar command comes in the sysstat package, which normally will not come by default in Debian or RedHat based distros, so you will have to install it first.sudo apt install sysstatOnce this package is installed, you need to start sar service, by doing:systemctl start sysstat.serviceThis will start the service, which you can easily check if it is running by doing:systemctl status sysstat.serviceAnd you will see results similar to this:Using sar command to get system detailsNow that you have the sar running in the background and collecting the stats, let’s see how you can access that information.💡By default, SAR captures a snapshot of system resource usage every 10 minutes. You should be able to get some good information after some hours of it being activated as a service.CPU StatsTo check the CPU resource, run the sar command with -u option:sar -uIt will show the CPU stats collected for the day.11:50:00 AM CPU %user %nice %system %iowait %steal %idle
12:00:01 PM all 16.22 0.52 3.83 0.44 0.00 79.00
12:10:01 PM all 9.19 0.00 2.15 0.21 0.00 88.45
12:20:01 PM all 11.73 0.06 2.70 0.30 0.00 85.21
12:30:01 PM all 6.03 0.00 2.04 0.16 0.00 91.76
12:40:01 PM all 1.43 0.00 0.44 0.15 0.00 97.98
12:50:01 PM all 8.70 0.00 2.36 0.23 0.00 88.71
01:00:01 PM all 9.10 0.00 2.51 0.21 0.00 88.18
01:10:01 PM all 11.96 0.00 2.81 0.28 0.00 84.95
Average: all 9.28 0.07 2.35 0.25 0.00 88.04You can also ask sar to show you usage at a different time interval.Let’s say you want to watch and monitor the CPU usage stats for 3 times at an interval of 7 seconds:sar -u 7 3It will give you 3 snapshots, taken in the period requested, and an average of those numbers obtained in all snapshots.You can see it gives you the percentage of usage, the percentage of “nice”, the percentage used by the system, the percentage of IO wait, the percentage of steal and the percentage idle.If desired, you can even ask it about specific CPU usage like this:sar -P 1 1 3Check mounted file system usageThe sar command can also give you a lot of information about your File System. In this example, I am going to request information about the filesystems mounted in the system 4 times in intervals of 2 seconds:sar -F 2 4It will not only give you the number of megabytes used and free but also inform you about the inodes free and used and the file system location.Network report is also availableYou can get a lot of information about your network, for example: network interface, network speed, IPV4, TCPV4, ICMPV4 network traffic and errors.sar -n DEV 1 3 | egrep -v loGetting historical statsYou can obtain historical stats by quering the sar command with a specific timeframe. Let’s say you want to know CPU stats from 8 AM to 2 PM for the current day, you would use this:sar -u -s 8:00:00 -e 14:00:00 ConclusionI find it surprising that sar doesn’t provide a utility to display the system resource usage in graphs. If you want that, you can use some third-party tools like sargraph.GitHub – sargraph/sargraph.github.io: SARchart – An opensource version of the tool for viewing Unix SAR data as Charts/GraphsSARchart – An opensource version of the tool for viewing Unix SAR data as Charts/Graphs – sargraph/sargraph.github.ioAs I mentioned at the beginning, the power of sar command is incredible, there are plenty more options to use with it, which will allow you to get a lot more information which is very deep about your system such as: Process, Kernel Thread, I-node, and File Table Details, Swapping Statistics, Messages, Semaphores, and Process Details, I/O Operation Details and much, much more. You can get the list of different options, by running:sar –helpWhich will allow you to see the ser of options the command has to be able to provide deep understanding of the system statistics that can help any administrator to understand what is happening in the system at any moment in time.