General Assumptions:
iw dev wlan0 scan | grep SSID ## list the SSIDs of wireless networks within range of the wireless card (wlan0)
airmon-ng start wlan0 ## put the wireless card (wlan0) into monitor mode
airodump-ng wlan0mon ## detect surrounding networks by listening in monitor mode
iwconfig wlan0mon channel 3 ## change the channel the wireless card is tuned to
iwlist wlan0mon channel ## view the channel the wireless card is currently on
airodump-ng -c 3 --bssid <AP_MAC> -w <capture_file> wlan0mon ## listen to the target AP on the specified channel and write the capture to <capture_file>
WEP? or WPA/WPA2?
WEP;
AUTH: OPN? or SKA?
AUTH: OPN;
Any client connected to AP? YES? or NO?
> YES;
# ARP Request Replay Attack
# Interactive Packet Replay Attack
# Deauthentication Attack (can be used in both cases (yes or no))
> NO;
# Fake Authentication Attack (can be used in both cases (yes or no))
# Fragmentation Attack
# Korek ChopChop Attack
AUTH: SKA (Bypassing WEP Shared Key Authentication);
## There is a client connected to the AP. You can follow the steps below to attack;
# Deauthentication Attack
# Fake Shared Key Authentication Attack
# ARP Request Replay Attack
# Deauthentication Attack
# Aircrack-ng
WPA/WPA2
# Deauthentication Attack
# with Aircrack-ng
# with JTR and Aircrack-ng
# with coWPAtty
# with Pyrit