Home Hacking Tools Wifi Pumpkin – WiFi MITM Attack and Audit Framework

Wifi Pumpkin – WiFi MITM Attack and Audit Framework

by Unallocated Author

Wifi Pumpkin is a security audit framework used to test the security of wifi against threats like man in the middle attacks. The tool also can  create rogue Wi-Fi access points to hack WiFi via deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image capture on the fly.

Wifi Pumpkin Installation

wifi Pumpkin tool cloning

Wifi Pumpkin is supported by Kali Linux, Parrot OS, Pentoo, and Ubunto. Wifi Pumkin can be installed by cloning the framework from github and running the installer  as shown in the following commands.

git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
chmod +x installer.sh
sudo ./installer.sh --install

Wifi Pumpkin requires the following software to operate.

  • hostapd
  • isc-dhcp-server
  • php5-cli
  • rfkill
  • iptables
  • Nmcli

Isc-dhcp-server and php5-cli are optional. The dependencies can be installed by running the requirements.txt file as follows.

pip install –r requirements.txt

How Wifi Pumpkin Works

wifi pumpkin installation

Wifi Pumpkin can be used in many ways. For demonstration purpose, we are going to create a rogue access point where anybody can connect without requiring any credentials. Wifi Pumpkin requires Ethernet and wifi adapter to make wifi access point. Run the following command to check the available wifi interface.


In most of the cases, it is wlan0.  The next step is to launch the Wifi Pumpkin. Run the following command to open the Wifi Pumpkin interface.


If that does not work, run the same command with sudo option i-e

sudo wifi-pumpkin

Once the Wifi Pumpkin interface is opened, go to plugins tab to select the desired plugins for auditing or simulating the wifi attack.

wifi pumpkin plugins

The next step is to configure the access point from the settings tab. The settings tab offers different configurations to adapt, such as Access Point setting (configuring SSID and BSSID, choosing the network adapter), activity monitor setting, and DHCP setting. In the settings tab, there is an option of enabling the wireless security. Keep it unchecked for creating rogue access point without any credentials.

wifi pumpkin ap settings

After the settings are complete, hit the start button to allow the access point to broadcast the free wifi in the vicinity.  Wifi Pumpkin has an activity monitoring window that captures all the traffic of the users who are connected with the rogue access point.

What Bunny rating does it get?

Wifi Pumpkin is a decent penetration testing framework that can easily simulate wifi attacks for security assessments. The GUI interface makes the framework usage less technical. As a result we will be awarding this tool a rating of 4 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

You may also like

Latest Hacking News

Privacy Preference Center


The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]


DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.



The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid