bully-rs is a high-performance, asynchronous WPS (Wi-Fi Protected Setup) PIN cracking tool written in Rust. It serves as a modern, safe rewrite of the classic bully tool, designed to leverage Rust's memory safety and concurrency primitives for improved efficiency in Wi-Fi security auditing.
- High-Performance Asynchronous I/O: Built with
tokioto handle packet exchanges efficiently. - Multiple Attack Vectors:
- Pixie-Dust Attack: Rapidly recover WPS PINs from vulnerable devices.
- Brute-force/Sequential: Systematic testing of WPS PINs.
- Raw Socket Manipulation: Utilizes direct raw socket access for fine-grained control over WPA/WPS frames.
- Modern CLI: Structured with
clapfor a familiar and user-friendly interface.
- OS: Linux (requires
AF_PACKETraw socket support). - Permissions: Root/sudo access is required to open raw sockets for packet injection and sniffing.
- Dependencies:
rustcandcargoinstalled.
To build the tool from source, clone the repository and use cargo:
git clone https://github.com/kimocoder/bully-rs.git
cd bully-rs
cargo build --releaseThe resulting binary will be located at target/release/bully-rs.
# Display help
sudo ./target/release/bully-rs --help
# Example: Run a basic attack on an interface
sudo ./target/release/bully-rs --interface wlan0 --bssid AA:BB:CC:DD:EE:FF--interface <IFACE>: Wireless interface to use (must be in monitor mode).--scan: Scan for WPS-enabled access points.--bssid <MAC>: Target BSSID.--pixie: Enable Pixie-Dust attack mode.--bruteforce: Enable brute-force mode.--pin <PIN>: Test a specific PIN.--verbosity <LEVEL>: Set log level (0-3).
This tool is designed for educational purposes and authorized security auditing only. Using this software against targets you do not have explicit permission to test is illegal and unethical. The authors assume no liability for misuse.