WiFi Deauther — is a wireless security testing tool that can disconnect devices from access points by simulating attacks like Deauthentication (deauthentication). Although it is often associated with "hacking," it is actually a legitimate tool for security auditing, if used on private networks or with the owner's permission. In this article, we'll look at how to build such a device using microcontrollers. ESP8266 or ESP32, set it up and run tests without breaking the law.
It's important to understand: deauthentication doesn't crack passwords or decrypt traffic. It simply forcibly disconnects the device from the router, forcing it to reconnect. This allows you to identify vulnerabilities in network security settings, such as weak passwords or a lack of protection against replay attacks. However, illegal use of such a tool may result in administrative or criminal liability in most countries.
If you're a network administrator or simply want to test your home Wi-Fi for attack resistance, this guide will help you understand the technical nuances. We'll cover both hardware (board and antenna selection) and software (firmware, setup, and running tests).
1. What is WiFi Deauther and how does it work?
The basis of the work WiFi Deauther lies in the exploitation of protocol features IEEE 802.11 (Wi-Fi standard). When a device connects to an access point, it goes through an authentication and association process. A deauthentication attack sends special packets. Deauthentication or Disassociation, which forcibly break this connection.
Why is this possible? Because in the Wi-Fi standard no verification of the authenticity of the source is provided such packets. This means anyone can send a deauthentication packet on behalf of the router or client device, and the connection will be terminated. This is a protocol vulnerability, not a specific router bug.
- 🔍 Attack target: Check how the network responds to attempts to disconnect devices. If, after deauthentication, clients automatically reconnect without additional security measures (e.g., 802.11w), the network is vulnerable.
- ⚠️ Restrictions: Deauthentication doesn't grant access to data—it only terminates the connection. To intercept traffic, other tools are needed (for example, Wireshark + aircrack-ng).
- 🛠️ Legal use: Security audit, corporate network testing, training of cybersecurity specialists.
Important: modern routers support the standard 802.11w (protected networks with WPA3-Enterprise) are resistant to such attacks. If your router supports this protocol, enable it in the security settings.
2. Necessary equipment and software
For assembly WiFi Deauther you will need:
- 📌 Microcontroller: ESP8266 (For example, NodeMCU or Wemos D1 Mini) or ESP32 (better with support) Wi-Fi 5 for operation in the 5 GHz range).
- 🔋 Nutrition: USB cable or battery (eg. 18650 with a charging module). It is convenient to use for portability. Power Bank.
- 📡 Antenna: The built-in antenna is suitable for testing in a small apartment. For greater range, you can connect an external antenna (for example, RP-SMA).
- 💻 Software:
- Arduino IDE or PlatformIO for firmware;
- WiFi Deauther firmware from spacehuhn (the most popular option);
- Drivers for your board (usually installed automatically when connected to a PC).
Cost of the set: from 300–500 rubles (if used) ESP8266 from AliExpress) up to 1500–2000 rubles (from ESP32 and an external antenna). Ready-made devices (for example, Pwnagotchi or WiFi Pineapple) will cost 10-50 times more, but their functionality is wider.
| Component | Model/example | Price (2026) | Notes |
|---|---|---|---|
| Microcontroller | NodeMCU ESP8266 | ~250 ₽ | Suitable for basic testing in the 2.4 GHz band |
| Microcontroller | ESP32-WROOM-32 | ~500 ₽ | Supports 5GHz, more memory |
| Antenna | RP-SMA 2.4/5 GHz | ~300 ₽ | Increases range to 100-150 m in open space |
| Nutrition | Power Bank 10000 mAh | ~800 ₽ | Autonomous operation up to 10-12 hours |
If you plan to test networks in the range 5 GHz, be sure to take it ESP32 — ESP8266 It only operates on 2.4 GHz. Also, please note that for legal use, the device must be marked on its case (for example, with a sticker stating "For testing your own networks only").
Why can't you use Raspberry Pi?
The Raspberry Pi isn't suitable for deauthentication out of the box, as its Wi-Fi adapter doesn't support monitor mode without additional drivers. Furthermore, the Pi consumes significantly more power, making it less portable.
3. Flashing the microcontroller
The firmware process WiFi Deauther It consists of three steps: installing the Arduino IDE, uploading firmware, and configuring parameters. Let's look at each step in detail.
Step 1: Installing the Arduino IDE
Download the latest version Arduino IDE With official website and install it. Then add support ESP8266/ESP32:
- Open
File → Settings. - In the field
Additional links for the board manageradd:https://arduino.esp8266.com/stable/package_esp8266com_index.jsonhttps://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_index.json - Go to
Tools → Board → Board Manager, find esp8266 And esp32, install them.
Step 2: Download the firmware
Download the firmware WiFi Deauther from GitHub:
git clone https://github.com/spacehuhn/esp8266_deauther.git
Open the file esp8266_deauther.ino in the Arduino IDE. Select your board in Tools → Board (For example, NodeMCU 1.0 For ESP8266). Connect the board to the PC via USB and upload the sketch.
Step 3: Setup
After flashing:
- Open
Port Monitorin the Arduino IDE (Tools → Port Monitor). - Set the speed
115200 baud. - Follow the on-screen instructions to connect to the device's access point (usually SSID:
pwned, password:deauther).
If the firmware was successful, you will see the device's web interface at the address 192.168.4.1Here you can configure network scanning, attack launches, and other settings.
☑️ Preparing for firmware
4. Setting up and running deauthentication
Once the firmware is installed, the device is ready for use. Let's take a look at the main functions of the web interface. WiFi Deauther:
- 🔍 Network scan: shows all available access points and devices connected to them. Here you can see
BSSID(MAC address of the router), channel, signal strength and encryption type. - 🎯 Attacks:
Deauth— disconnects selected devices from the network;Beacon Spam— clutters the airwaves with false networks (may disrupt the operation of nearby devices!);Probe Request— simulates the search for networks by devices.
- ⚙️ Settings: selection of channel, transmission power, timeouts between packets.
Example of running deauthentication:
- In the section
ScanSelect the target network (for example, your router). - Click
Selectnext to the desired device (or selectAllfor all network clients). - Go to the section
Attack, selectDeauthand specify the number of packages (for example,10for the test). - Click
Start.
If the attack is successful, the target device (e.g., a smartphone) will lose its Wi-Fi connection and attempt to reconnect. You'll see the packets sent in the web interface logs:
[DEAUTH] Sent 10 packets to AA:BB:CC:DD:EE:FF (Client)
5. Legal uses
Usage WiFi Deauther is regulated by laws on cybersecurity and invasion of privacy. In most countries (including Russia, the US, and the EU) Unauthorized deauthentication of other people's networks is considered hacking. and is punishable by fines or imprisonment. However, there are legal options:
- 🏠 Home Network Testing: Check your router's resistance to attacks. For example, if devices can't reconnect after deauthentication, it might be worth updating the router's firmware.
- 🎓 Educational objectives: demonstration of Wi-Fi vulnerabilities in educational institutions (with permission of the administration).
- 🛡️ Security Audit: Companies hire specialists to perform penetration testing of corporate networks (penetration testing).
To avoid legal problems:
⚠️ Attention: Always obtain written permission from the network owner before testing. Even if you're testing a neighbor's network "for fun," it could be considered a violation. Federal Law No. 149 "On Information" (Article 272 of the Criminal Code of the Russian Federation - unauthorized access to computer information).
If you're a network administrator, document all tests: date, time, purpose, and results. This will help avoid misunderstandings during testing.
6. How to protect your network from deauthentication
If your network is vulnerable to attacks WiFi Deauther, here are the ways to protect yourself:
- 🔒 Turn on 802.11w (PMF): This standard protects against deauthentication. Look for the option in your router settings.
Protected Management Framesand activate it. Supported by most modern routers (ASUS, TP-Link, MikroTik). - 🔄 Update your router firmware: Manufacturers regularly patch vulnerabilities. Check the current version in the router's web interface (section
System → Firmware). - 📶 Use a hidden network (SSID Hiding): This doesn't protect against deauthentication, but it makes it harder for scanners to detect your network. It can be enabled in the settings.
Wireless → Basic Settings(optionHide SSID). - 🛡️ Set up MAC filtering: Allow connections only to known devices. The downside is that this doesn't protect against MAC address spoofing.
Additional measures:
- Install intrusion detection system (IDS, For example, Snort or Suricata), which will alert you to suspicious deauthentication packets.
- Set up guest network For low-trust devices (smart light bulbs, IoT gadgets). The main network will remain secure.
Check support 802.11w on your devices:
| Device | 802.11w support | Notes |
|---|---|---|
| Routers ASUS RT-AX88U | Yes | Included in Wireless → Professional |
| Routers TP-Link Archer C7 | No | Firmware required OpenWRT |
| Smartphones iPhone (iOS 15+) | Yes | Automatically connects to networks with PMF |
| Laptops with Windows 11 | Yes | Latest Wi-Fi drivers required |
7. Alternative Wi-Fi Testing Tools
If WiFi Deauther seems too limited, there are more professional tools for security auditing:
- 🖥️ Aircrack-ng: A set of Linux utilities that allows you to intercept packets, crack WEP/WPA encryption, and deauthenticate. Works with adapters that support
monitor mode(For example, Alfa AWUS036ACH). - 🍍 WiFi Pineapple: a professional network testing device (price from 20,000 ₽). Supports complex attacks, including Evil Twin And Karma.
- 🐧 Kali Linux: a Linux distribution with pre-installed pentesting tools (Wireshark, Reaver, Wifite). Suitable for deep network analysis.
- 🤖 Pwnagotchi: portable device based on Raspberry Pi, which automatically scans networks and intercepts handshakes (handshake). Popular among enthusiasts.
Comparison of tools:
| Tool | Complexity | Price | Main functions |
|---|---|---|---|
| WiFi Deauther (ESP8266) | Low | 300–1000 ₽ | Deauthentication, scanning, beacon spam |
| Aircrack-ng | Average | For free | Packet sniffing, WPA cracking, deauthentication |
| WiFi Pineapple | High | 20 000+ ₽ | Phishing, Evil Twin, automated attacks |
| Pwnagotchi | Average | 5000–10 000 ₽ | Automatic handshake collection, deauthentication |
For beginners WiFi Deauther — the optimal choice due to its low price and simplicity. For professional auditing, it is better to use Aircrack-ng or WiFi Pineapple.
8. Common mistakes and their solutions
When working with WiFi Deauther Users encounter typical problems. Let's look at the most common ones:
- ❌ The device does not turn on:
- Check the power connection (USB cable, battery).
- Make sure the drivers for the board are installed (in
Device ManagerThere should be no exclamation marks next to the COM port).
- ❌ Unable to connect to access point
pwned:- Check that the firmware is loaded correctly (in
Port Monitorthere should be no errors). - Reboot the board (power off and on).
- Try connecting from another device (sometimes smartphones do not see the access point due to OS limitations).
- Check that the firmware is loaded correctly (in
- ❌ The attack doesn't work:
- Make sure the target network and device are within range (check the signal strength in
Scan). - Try changing the channel in your device settings (some routers automatically switch channels).
- If you are attacking a 5GHz network, use ESP32 — ESP8266 Works only on 2.4 GHz.
- Make sure the target network and device are within range (check the signal strength in
If your device stops responding:
⚠️ Attention: In case of incorrect firmware ESP8266/ESP32 may become bricked. To restore it, hold down the buttonBOOT(orFLASH) when connected to USB and try flashing the firmware again. If this doesn't help, use the utility esptool To completely erase memory:esptool.py erase_flashAnother common problem is board overheatingIf the device is running for more than 30–40 minutes, it may start to malfunction. Solution: Use passive cooling (a heatsink) or take breaks from use.
How to check if deauthentication works?
Run on a laptop Wireshark in monitoring mode (
monitor mode) and filter packages by typeDeauthenticationIf you see packets from your device, an attack is underway.FAQ: Frequently Asked Questions
❓ Can WiFi Deauther be used to crack passwords?
No, WiFi Deauther It only breaks connections, but does not crack passwords. To intercept a handshake (handshake) and subsequent brute force is needed Aircrack-ng or HashcatHowever, even in this case, modern networks with
WPA3resistant to such attacks.❓ Is it legal to test networks in public places (cafes, airports)?
No, testing other people's networks without the owner's explicit permission illegallyThe exception is if you're a network administrator (for example, testing the Wi-Fi at your cafe). In public places, such actions could be considered a cyberattack.
❓ How to increase the range of WiFi Deauther?
To increase the range:
- Use ESP32 instead of ESP8266 (best receiver sensitivity).
- Connect an external antenna with amplification (for example, 9 dBi).
- Change the firmware to ESP32 Deauther with support
high power mode.- Place the device closer to the target network (for example, on a windowsill).
❓ Is it possible to detect if I'm being attacked by WiFi Deauther?
Yes, signs of an attack:
- Devices constantly lose connection to Wi-Fi.
- Messages about multiple connection breaks appear in the router logs.
- Programs like Wireshark or Acrylic Wi-Fi show suspicious packages
Deauthentication.For protection, turn on 802.11w or use IDS (For example, Snort).
❓ Where can I buy a ready-made WiFi Deauther device?
Ready-made devices are sold on AliExpress (search by request
ESP8266 Deauther), but their quality often leaves much to be desired. It's better to assemble the device yourself—it's cheaper and more reliable. An alternative is WiFi Pineapple or Pwnagotchi, but their price starts from 5000 ₽.