Airgeddon is a feature-rich bash script designed for Wi-Fi security auditing and testing. It combines numerous tools into a unified interface, making it a go-to utility for professionals in wireless penetration testing. However, the script is not standalone. For it to work correctly, a suitable environment with specific operating system support and installed dependencies is essential. Preparing the environment before launching Airgeddon ensures a smooth experience, prevents errors, and enables full functionality during attacks such as Evil Twin setups, handshake captures, and password cracking.
Core Operating System Compatibility
Supported Linux Distributions
Airgeddon has been built with Linux as its primary platform. The developers maintain compatibility with popular security-focused Linux distributions. Debian-based systems such as Kali Linux, Parrot OS, and Ubuntu provide the best support. These distributions include most of the required packages in their repositories and offer ease of use for network testing tools.
Arch-based systems like BlackArch and Manjaro also support Airgeddon, although additional configurations may be necessary. Users experienced with pacman and Arch’s package management can achieve full compatibility by manually installing each dependency. Fedora and RHEL-based distributions may require even more effort, including custom compilation of certain tools like hostapd-wpe or sslstrip, which may not be included in their default repositories.
Preferred Environments for Smooth Operation
Airgeddon functions best on environments designed for penetration testing. Kali Linux is the most recommended distribution due to its preloaded wireless tools and maintained support for network attack scripts. Other environments may require manual patching of hostapd or configuration of lighttpd, increasing the effort required to run Airgeddon without errors.
Required Shell and Language Environments
Bash Shell Requirement
The entire Airgeddon script is written in Bash. It requires the bash shell to execute its core functions. Bash is typically available by default in almost every Linux distribution. Still, users must ensure that their system’s default shell is bash and not another interpreter like zsh or dash when launching Airgeddon. A minimum bash version of 4.x is recommended for compatibility with modern script syntax and flow control.
Optional Language Tools
While Bash handles the core operations, some Airgeddon modules integrate with Python or Perl scripts. These are not mandatory for all modes but become essential when extending functionality. For example, modules involving SSLstrip or special handshake processing may use Python scripts to validate results or extract handshake data. Ensuring Python 3 is installed can help avoid module errors or script crashes in certain configurations.
Mandatory Software Dependencies
Wireless Tools and Drivers
Airgeddon requires several essential wireless tools for operations like scanning, deauthentication, and handshake capturing. aircrack-ng is the foundational suite used to initiate monitor mode, perform packet analysis, and crack handshakes. iw, iproute2, and rfkill are needed for interface configuration and soft-block management.
For WPS-based attacks, tools such as Reaver, bully, and pixiewps are integrated. These allow testers to exploit vulnerabilities in routers using WPS and attempt PIN-based brute force. Without these tools, Airgeddon will not be able to execute WPS modules.
Network Configuration Utilities
Airgeddon leverages hostapd to create fake access points during Evil Twin attacks. The hostapd binary must be compiled with driver support for the user’s wireless chipset. Some Airgeddon modules require hostapd-wpe for enterprise attacks, which may need to be compiled manually on some distributions.
dnsmasq is used for DHCP and DNS redirection. This tool ensures that connected clients receive IP addresses and that all DNS requests are routed to the attacker-controlled phishing portal. lighttpd or apache2 is required to serve the login pages used in credential harvesting. Most distributions include these tools in their repositories, making installation straightforward.
Handshake and Hash Tools
Airgeddon supports both WPA handshake and PMKID attacks. For this purpose, tools like hcxdumptool and hcxtools are needed to collect and process PMKID hashes. hashcat is optionally used to perform password cracking with GPU acceleration. Without these tools, the handshake and hash modules within Airgeddon cannot function.
Scripting Utilities and Helpers
Utilities like macchanger, xterm, and util-linux add support for MAC spoofing, multi-window interface handling, and basic system commands. macchanger is often used to anonymize the MAC address of the attacker before launching an Evil Twin or WPS attack. xterm enables certain attack flows to be visualized in separate terminal windows during execution.
Optional but Recommended Tools
UI Enhancements and Terminal Utilities
For better interface handling, Airgeddon can use dialog or whiptail to display prompts and menus. These are optional but significantly enhance usability by configuration options in pop-up dialogue boxes rather than plain-text prompts.
The tool crunch is helpful when creating custom wordlists for brute-force password attacks. Although not directly required by Airgeddon itself, integration with tools like aircrack-ng or hashcat benefits from a built-in wordlist generator.
SSLstrip and SSLsplit Modules
Advanced phishing setups within Airgeddon may rely on sslstrip or sslsplit to intercept and downgrade HTTPS traffic. These modules require careful setup and sometimes specific versions of Python or patched versions of web server binaries. Not all distributions support these modules out of the box, so additional research may be needed if using SSL-based attacks.
Package Installation and Management
Using apt on Debian-based Systems
For Debian-based distributions like Kali and Ubuntu, installing Airgeddon’s dependencies is relatively simple. Most tools can be installed using a single command:
- bash: sudo pacman -S aircrack-ng hostapd dnsmasq lighttpd macchanger reaver pixiewps xterm hcxdumptool hcxtools hashcat
sudo apt install aircrack-ng hostapd dnsmasq lighttpd macchanger reaver pixiewps xterm hcxdumptool hcxtools hashcat
If any package is missing, the Airgeddon script automatically checks for it and provides feedback. The script even suggests installation commands in most cases.
Using pacman and dnf for Other Distributions
On Arch-based systems, packages are installed using pacman:
sudo pacman -S aircrack-ng hostapd dnsmasq lighttpd macchanger reaver pixiewps xterm hcxdumptool hcxtools hashcat
For Fedora, tools are installed via dnf, although not all may be available. In such cases, manual compilation or use of third-party repositories may be required. Always ensure hostapd is compiled with support for your Wi-Fi chipset.
Wireless Adapter Requirements
Compatibility with Monitor Mode and Injection
Airgeddon depends on wireless interfaces capable of monitor mode and packet injection. Chipsets from Atheros, Ralink, and Realtek are known for broad support. Tools like airmon-ng or iwconfig help users identify if their adapter supports the required features. Not all USB dongles are compatible, and some require kernel module patching or special firmware.
Recommendations for Dual Adapter Setup
To improve stability and performance, testers often use two adapters—one for monitoring and one for broadcasting the rogue access point. This configuration ensures that handshake capturing, DoS, and Evil Twin broadcasting do not interfere with each other. Dual adapter setups are especially important for real-time attacks in enterprise simulations.
Troubleshooting Environment Issues
Common Installation Errors
Users may encounter issues like missing dependencies, permission denials, or conflicting tools. These are often due to outdated repositories or incompatible packages. Errors related to missing Python modules, broken symbolic links, or network interface conflicts are also common.
Script-Based Auto-Checks by Airgeddon
Airgeddon includes an environment checker that runs before any attack module is launched. This checker verifies whether required tools are installed and whether the network interfaces are ready. Logs and error messages are clearly presented, allowing users to fix issues without needing to debug the script manually.
Conclusion
Airgeddon depends on a tightly configured operating system and a range of supporting tools to function correctly. When all dependencies are satisfied, the script can perform highly automated and effective wireless security tests. Using Kali Linux as the base OS simplifies many of the installation steps and provides direct compatibility. Users running Arch or Fedora must be prepared to install tools manually or compile them as needed. Ensuring that all tools—like hostapd, dnsmasq, and aircrack-ng—are properly installed, updated, and functional is the key to successful use of Airgeddon in both personal labs and professional penetration testing engagements.
