Marfil is an extension of the Aircrack-ng suite, used to assess WiFi network security. It allows to split the work of performing long running dictionary attacks among many computers.


The Aircrack-ng suite provides the aircrack-ng tool, which is a 802.11 WEP and WPA/WPA2-PSK key cracking program. When cracking the latter, a dictionary or word list has to be used. The longer these dictionaries are, the longer the process takes. Depending on your hardware it could even take days or weeks.

If you happen to have some additional hardware at your disposal aircrack-ng does not allow you to distribute the load between them: you have to choose the fastest one and stick to it. This is exactly where Marfil comes to play.


Marfil is a php-based tool that distributes the cracking load between different nodes. The approach followed is considerably simple: instead of using only one node to crack a .cap file using a big dictionary it splits the dictionary and distributes it among the rest of the nodes. The high-level process goes like this:

  1. Dictionaries to use are configured in the server node
  2. A client node sends a crack request to the server includes a .cap file and the BSSID of the target network)
  3. Clients ask the server for work
  4. Once work is needed the server answers with a .cap file and BSSID along with a dictionary piece
  5. Clients perform the cracking on their own and when finished return the result
  6. The server updates the status of the crack request according to the result
  7. Eventually, either the .cap file is processed against all parts of a dictionary without success or the password is found

The process repeats. Note the first step is only needed for the first time or whenever the dictionaries are updated. The server node can also work as a client node.


  1. aircrack-ng suite
  2. PHP >= 5.5.9
  3. SQLite module for PHP5 (only needed for the server node)
  4. Composer (only needed if you do not download the release from the releases section)

Marfil has only been tested on Linux so far. However, the approach followed and the tools used are considerably platform-independent so it should also work on Windows or Mac.


Initial setup and dictionary configuration
  1. Download the most up-to-date file in the release section
  2. Decompress it in all your nodes (server and clients)
  3. Install PHP5 and the aircrack-ng suite in all clients

    On Debian Linux you can do this by running this command:

    sudo apt-get install php5 aircrack-ng

  4. Install SQLite module for PHP5 on the server

    On Debian Linux you can do this by running this command:

    sudo apt-get install php5-sqlite

  5. On the server node, start a web server setting the root as the public directory in the Marfil directory

    Using PHP’s built-in web server, this can be done by running the following command in the Marfil directory:

    php -S -t public

    You can test this worked by accessing http://localhost:8080 in a browser on your server node and see an empty list of crack requests

  6. Make sure you can access the web server from your clients by accessing http://YOUR_SERVER_IP_ADDRESS:8080 in a web browser from your clients
  7. Place dictionaries in the storage/app/dictionaries directory. Search the web for word lists, if you don’t have any
  8. Execute this command in the Marfil directory to split the dictionaries into pieces and prepare the dictionary database (depending on the size of the dictionaries, it might take a while):

    php artisan marfil:refresh-dictionaries

Adding crack requests and working on them
  1. In order to add crack requests, a .cap file with the WPA handshake and the BSSID of the target network is needed. This can either be done through the web server interface or by executing the following command in the Marfil directory of any node:

    php artisan marfil:crack YOUR_SERVER_IP_ADDRESS:8080 path/to/file.cap 01:23:45:67:89:AB

  2. Any successfully generated crack request can be displayed in the web server interface
  3. Any of the nodes can be used as a worker client. In order to do so just run the following command in the Marfil directory:

    php artisan marfil:work YOUR_SERVER_IP_ADDRESS:8080

    This command will make the client ask for work every 60 seconds. When the server responds with work, the client will download the needed files and try to crack the .cap file.

  4. Progress can be tracked by means of the web interface