WiFi Password Recoverywifipassword.org
Tool Comparison

Aircrack-ng vs Hashcat vs John the Ripper for WPA Cracking

Three popular open-source tools cover the WPA recovery workflow, but each has a different role. Aircrack-ng captures and orchestrates; Hashcat is the GPU-accelerated cracker; John the Ripper is a CPU-focused alternative with strong scripting. Understanding which tool does what prevents wasting setup effort on the wrong combination.

Top Tool by Stage

Capture and convert: aircrack-ng (or hcxdumptool for modern PMKID). GPU cracking against captured handshakes: Hashcat mode 22000. CPU-focused or scripted attacks: John the Ripper. Most modern workflows are: hcxdumptool capture → hcxpcapngtool convert → Hashcat 22000 crack. The aircrack-ng-internal cracker is mostly legacy.

Open-Source WPA Tools Side-by-Side

FeatureAircrack-ngHashcat (m22000)John the Ripper
Captures handshakesYes (airodump-ng)No — needs capture from elsewhereNo
GPU accelerationLimited (CPU-mostly)Excellent — CUDA, OpenCLOpenCL extension (Jumbo)
Speed for crackingSlow vs HashcatFastestSlower than Hashcat
Cross-platformLinux/Mac, Windows limitedAll platformsAll platforms
Scripting / customisationStandard CLIStrong rules engineExcellent rule-based
PMKID support (modern)LimitedYes — mode 22000/22001Yes via plugins
Wordlist + rules engineBasicComprehensiveBest-in-class rules

Use Aircrack-ng For

Capture and reconnaissance phases.

  • airodump-ng for capturing handshakes
  • aireplay-ng for deauth (forcing reassociation)
  • Channel hopping and AP discovery
  • Initial workflow before passing data to a cracker
  • Modern alternative: hcxdumptool for PMKID-only capture

Use Hashcat For

The actual password search against captured material.

  • GPU-accelerated cracking (mode 22000)
  • Multi-GPU clusters for serious work
  • Rule-based attacks against complex password patterns
  • Modern PMKID + EAPOL unified format
  • Industry-standard for WPA recovery in 2026

Use John the Ripper For

When CPU-focused or rule-heavy attacks fit better.

  • Combined runs across many hash types
  • Highly customised rule chains
  • When GPU isn't available
  • Rule generation for Hashcat (john rules port)
  • Penetration testing scripts

Modern Workflow in 2026

The standard open-source WPA recovery workflow in 2026: hcxdumptool captures PMKID directly from APs (no client interaction needed). hcxpcapngtool converts the .pcapng to .hc22000 format. Hashcat -m 22000 runs the password search using your wordlist and rules.

This bypasses the older 4-way handshake capture requirement. PMKID alone is enough for most modern routers.

When Aircrack-ng's Cracker Itself Is Used

aircrack-ng has a built-in cracker (aircrack-ng -w wordlist file.cap), but it's CPU-only and slow vs Hashcat. Useful for quick dictionary tests on small wordlists, but Hashcat is the right tool for any non-trivial search.

If you have only a CPU, aircrack-ng's cracker still works. It's just much slower than Hashcat with even a mid-range GPU.

Cloud Service Alternative

wifipassword.org runs Hashcat 22000 on multi-GPU clusters with managed wordlists. The trade-off vs DIY: cost (cloud is paid), speed (cloud is faster), privacy (file leaves your machine briefly).

For one-off recovery of your own home network, cloud is usually the simplest path. For ongoing penetration-testing work, DIY with Hashcat on owned hardware is more economical.

Hardware Realities

Hashcat throughput against mode 22000 on consumer GPUs: RTX 3060 ~600,000 H/s. RTX 4090 ~3M+ H/s. Top-tier rigs (multi-4090) reach 10M+ H/s.

John the Ripper Jumbo with OpenCL is in the same general range as Hashcat but typically slightly slower for raw throughput. John's strength is rule customisation, not peak speed.

Aircrack-ng: 1,000-50,000 attempts per second depending on CPU. Two orders of magnitude slower than GPU tools.

Frequently Asked Questions

Is hashcat the only choice for serious WPA cracking?
Effectively yes for raw speed. John the Ripper is competitive in some specialised cases (heavy rule chains). Aircrack-ng's built-in cracker is mostly legacy.
Can I use aircrack-ng without GPU?
Yes — aircrack-ng's cracker is CPU-only and still functional. Just expect 100-1000x slower than Hashcat with a GPU. Reasonable for quick dictionary tests.
What's the cloud service equivalent?
wifipassword.org accepts captured .hc22000 files (or converts .cap/.pcap/.hccapx) and runs cloud Hashcat. Same cracking math, different operational model.
Is it legal to crack my own home network?
Yes in every Tier 1 jurisdiction. Unauthorised cracking of someone else's network is illegal regardless of technique.
Should I learn aircrack-ng if I just want to recover my home WiFi?
If one-off recovery, cloud service is faster. If you want to learn the technique long-term, aircrack-ng + Hashcat is the open-source learning path.

Skip the Setup — Use Cloud Cracking

Upload your .hc22000 (or .pcap/.cap/.hccapx and we'll convert) for managed Hashcat cracking on multi-GPU clusters. Pay only on success.

Run Free Analysis

Related Reading

WPA-PMKID-EAPOL Unified FormatLegacy EAPOL ModeWPA3 vs WPA2 DifferencesHashcat 22000 Tutorial