DEV.co
Open-Source Security · Ragnt

AngryOxide

AngryOxide is a Rust-based 802.11 wireless penetration testing tool designed to automate WiFi attack workflows and capture EAPOL handshakes for offline cracking. It performs active state-based attacks against access points and clients, outputting hashlines compatible with Hashcat.

Source: GitHub — github.com/Ragnt/AngryOxide
1.9k
GitHub stars
113
Forks
Rust
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryRagnt/AngryOxide
OwnerRagnt
Primary languageRust
LicenseGPL-3.0 — OSI-approved
Stars1.9k
Forks113
Open issues17
Latest releasev0.9.2 (2025-12-20)
Last updated2026-07-08
Sourcehttps://github.com/Ragnt/AngryOxide

What AngryOxide is

Built in Rust with netlink and kernel socket integration, AngryOxide implements multiple 802.11 attack vectors (PMKID collection, anonymous reassociation, CSA downgrade, rogue M2) with rate limiting, EAPOL validation (nonce/replay/temporal), and outputs pcapng (with GPS metadata) and kismetdb formats. Operates in active monitor mode with optional headless output.

Quickstart

Get the AngryOxide source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Ragnt/AngryOxide.gitcd AngryOxide# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized penetration testing of WiFi infrastructure

Conduct rapid, multi-vector attacks on target networks with permission. Automated EAPOL capture and hashline generation reduces manual effort compared to sequential aircrack-ng workflows.

Red team exercises with geofenced scope control

Deploy on embedded systems (MIPS via cross-compile) with GPS geofencing to constrain operations to authorized areas and prevent accidental broadcast beyond boundaries.

Security research on 802.11 attack chains

Validate novel attack techniques (MFP bypass, WiFi 6e disassoc) and collect EAPOL handshakes under controlled conditions for cryptographic analysis or tool development.

Implementation considerations

  • Requires wireless adapter in monitor mode; not all chipsets support all attack vectors. Verify driver/firmware compatibility before deployment.
  • Must run as root to access kernel sockets and send raw frames. Verify minimal privilege delegation model and audit for lateral privilege escalation risks.
  • Rate limiting (1–3 levels) affects attack success probability; tuning depends on target environment. Test against representative networks before production runs.
  • EAPOL validation logic (nonce/replay/temporal checks) can reject valid handshakes under clock skew or congested conditions; budget extra capture time.
  • GPS integration (GPSD) and geofencing timeout (default 300s) may lose sync in contested environments; test with your GPS infrastructure.

When to avoid it — and what to weigh

  • No legitimate authorization to test target networks — This tool is explicitly designed for WiFi attacks. Using it on networks without written permission is illegal in most jurisdictions. GPL-3.0 does not grant authorization.
  • Passive-only security monitoring is required — AngryOxide is inherently active and transmits deauthentication, probe injection, and association frames by design. Passive-only monitoring tools are inappropriate for this use case.
  • Stability and production reliability are critical — Project explicitly states 'HEAVY development' with 'very fast release cycle.' Latest release is v0.9.2 (ongoing active work). Production dependencies should expect breaking changes.
  • Windows or non-Linux deployment required — No pre-compiled binaries or documented support for Windows. Requires Linux with monitor-mode capable wireless adapter and root privileges.

License & commercial use

GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring source code disclosure for any derivative works distributed. Linking, modification, or redistribution triggers GPL obligations.

GPL-3.0 does not prohibit commercial use, but requires: (1) source code availability to end users, (2) same license for derivatives, and (3) license/copyright notice inclusion. Commercial deployment without legal review poses compliance risk. Consult counsel before integrating into commercial pentesting services or products.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

AngryOxide transmits 802.11 frames that may trigger network monitoring, endpoint detection, or IDS alerts if operator does not control the network. Geofencing and whitelist are operational controls, not security isolation. Rate limiting and EAPOL validation reduce false positives but do not prevent detection by WiFi monitoring systems. Root privilege requirement is a standard privilege escalation consideration. No security audit or CVE history documented in public sources. Verify legal authorization in writing before use.

Alternatives to consider

aircrack-ng suite (airmon-ng, aireplay-ng, airodump-ng)

Mature, battle-tested, modular tools with decades of adoption. Smaller attack surface per tool, but requires manual workflow orchestration. No built-in EAPOL validation or hashline export; output is raw pcap.

hcxdumptool + hcxpcapngtool

Lightweight C-based capture and hashline conversion. AngryOxide is explicitly inspired by this; hcxdumptool focuses on capture, delegates cracking to external tools. Smaller footprint, more stable, less aggressive attacks.

Kismet (wireless intrusion detection + passive survey)

Passive-only multi-band survey with geolocation and database logging. If active attacks are not authorized, Kismet is the correct choice. No direct hashline generation; complementary to AngryOxide.

Software development agency

Build on AngryOxide with DEV.co software developers

If you conduct authorized WiFi security assessments and need rapid, automated handshake capture with integrated geofencing, AngryOxide may accelerate your workflow. Verify legal authorization, wireless adapter compatibility, and Linux deployment capability before committing. Review GPL-3.0 obligations if integrating into commercial services.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

AngryOxide FAQ

Can I use AngryOxide on networks I don't own or have permission for?
No. The README and GPL-3.0 license both disclaim liability and explicitly restrict use to authorized networks. Unauthorized use is illegal in most jurisdictions.
What wireless adapters are supported?
Any Linux adapter supporting monitor mode. Specific attack vectors (PMKID, CSA, MFP bypass) depend on chipset and driver firmware. Test compatibility before deployment.
Can I integrate AngryOxide output into my security platform?
Yes. Headless mode outputs structured text; pcapng, kismetdb, and hc22000 are standard formats. GPL-3.0 requires source code disclosure if you redistribute or modify AngryOxide itself.
Is this tool production-ready?
No. Developers explicitly state 'HEAVY development' with 'very fast release cycle.' v0.9.2 is still pre-1.0. Expect API/output changes, bugs, and breaking updates.

Software development & web development with DEV.co

DEV.co helps companies turn open-source tools like AngryOxide into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.

Evaluate AngryOxide for Your Authorized Penetration Testing

If you conduct authorized WiFi security assessments and need rapid, automated handshake capture with integrated geofencing, AngryOxide may accelerate your workflow. Verify legal authorization, wireless adapter compatibility, and Linux deployment capability before committing. Review GPL-3.0 obligations if integrating into commercial services.