DEV.co
Open-Source Security · flashnuke

wifi-deauth

wifi-deauth is a Python-based denial-of-service tool that disconnects all devices from a target WiFi network by sending spoofed deauthentication packets. It operates without requiring the network password and supports both 2.4 GHz and 5 GHz bands, including WPA3 (though PMF testing is incomplete).

Source: GitHub — github.com/flashnuke/wifi-deauth
875
GitHub stars
105
Forks
Python
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryflashnuke/wifi-deauth
Ownerflashnuke
Primary languagePython
LicenseGPL-3.0 — OSI-approved
Stars875
Forks105
Open issues17
Latest releasev1.45.1 (2026-02-26)
Last updated2026-02-26
Sourcehttps://github.com/flashnuke/wifi-deauth

What wifi-deauth is

The tool iterates across WiFi channels, sniffs 802.11 packets to enumerate access points, then floods the target with spoofed deauth frames (broadcast and unicast to discovered clients) via packet injection. It supports monitor mode activation, custom channel selection, client filtering, and multi-channel simultaneous attacks via separate interfaces.

Quickstart

Get the wifi-deauth source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/flashnuke/wifi-deauth.gitcd wifi-deauth# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized penetration testing and security assessments

Use in controlled lab environments or authorized engagements where explicit consent has been obtained to test AP resilience and client reconnection behavior.

WiFi security research and education

Study 802.11 deauthentication vulnerabilities, PMF effectiveness, and wireless protocol behavior in academic or training contexts with proper institutional oversight.

Red team exercises in contained networks

Deploy during sanctioned internal security exercises to validate detection systems, incident response procedures, and WiFi intrusion prevention mechanisms.

Implementation considerations

  • Requires a Linux system with a wireless adapter supporting monitor mode and packet injection (e.g., Atheros, Ralink chipsets); not all adapters are compatible.
  • Installation via pipx/venv is recommended; avoid system-wide pip install with --break-system-packages due to dependency conflicts.
  • Dual-interface setup may be necessary to attack dual-band APs simultaneously (one interface per 2.4 GHz and 5 GHz band).
  • Initial channel scanning takes 1–2 minutes; use SSID/BSSID filters to accelerate discovery in high-density environments.
  • Requires sudo/root privileges for monitor mode activation and raw packet injection.

When to avoid it — and what to weigh

  • Production or unauthorized networks — This tool causes immediate, widespread disruption. Using it against networks without explicit written authorization is illegal in most jurisdictions and constitutes a criminal DoS attack.
  • Your organization lacks legal/compliance framework — Deployment requires documented authorization, liability insurance, and legal review. If your org cannot provide these, do not use this tool operationally.
  • You need reliability or persistent network control — This is a disruptive DoS tool, not a network management or access control solution. It cannot selectively disconnect or maintain stable partial service.
  • Target environments with hardened PMF/802.11w — Efficacy against Protected Management Frames is untested. Modern enterprise APs with PMF mandatory may be resistant, limiting practical impact.

License & commercial use

Distributed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring source disclosure and GPL compliance for derivative works.

GPL-3.0 is not a permissive license. Commercial distribution or integration into proprietary products requires legal review and likely GPL compliance obligations. Internal use for authorized security testing may be permitted, but consult counsel before commercial deployment. Requires review.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

This is a network disruption tool, not a security solution. Misuse causes denial of service to legitimate users and is illegal without consent. Operators must ensure: (1) explicit written authorization before any use, (2) isolated test environments to prevent accidental propagation, (3) awareness that WiFi frames are unencrypted and tool activity is trivially detectable by IDS/IPS. WPA3/PMF support is claimed but untested—efficacy against modern hardened APs is unknown. No authentication or access control in the tool itself.

Alternatives to consider

Aircrack-ng suite (aireplay-ng)

Mature, widely deployed deauth/DoS tool with broader APS support, packet capture/analysis integration, and longer security audit history. More suitable for professional pentesting.

Kali Linux native tools (mdk3, mdk4)

Specialized multi-function WiFi attack suite (deauth, beacon flooding, SSID broadcast) bundled in standard security distributions with integrated documentation and community support.

Hostapd + iw (legitimate AP and channel management)

If the goal is to manage or secure networks (rather than attack), legitimate tools for AP configuration, PMF enforcement, and channel control without legal/ethical risk.

Software development agency

Build on wifi-deauth with DEV.co software developers

Before deployment, confirm explicit client authorization, legal compliance, and hardware compatibility. Consult your security and legal teams. Devco can help you design authorized security testing workflows, integrate this into controlled test environments, or recommend compliant alternatives.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

wifi-deauth FAQ

Is this tool legal to use?
No, except with explicit written authorization on networks you own or have permission to test. Unauthorized use is a federal crime in most jurisdictions (e.g., CFAA in the US). Always obtain signed consent and understand local laws.
Why do I need two interfaces for dual-band APs?
Some APs use the same SSID/BSSID for both 2.4 GHz and 5 GHz bands but operate on different channels. Packet injection on one interface only floods one band; a second interface allows simultaneous attacks on both frequencies.
Does this work against WPA3 and PMF?
The README claims WPA3 support but notes PMF is 'not tested.' Modern Protected Management Frames (PMF/802.11w) are designed to mitigate deauth attacks. Efficacy on hardened APs is unknown—test in your environment before relying on it.
What hardware do I need?
A Linux system with a WiFi adapter supporting monitor mode and raw packet injection. Atheros (ath9k) and Ralink chipsets are common. Many USB adapters work; check driver support before purchase. Not all integrated laptop cards support injection.

Software developers & web developers for hire

Need help beyond evaluating wifi-deauth? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source security integrations — and maintain them long-term.

Evaluating This Tool for Your Security Program?

Before deployment, confirm explicit client authorization, legal compliance, and hardware compatibility. Consult your security and legal teams. Devco can help you design authorized security testing workflows, integrate this into controlled test environments, or recommend compliant alternatives.