ESP32-WROOM Wi-Fi Penetration Tool: Quick Start Guide

Credit: Script and concept inspired by risinek/esp32-wifi-penetration-tool, esptool, and linuxdroid.

rootmadhav

~2 min read · October 19, 2025 (Updated: October 19, 2025) · Free: Yes

Introduction

The ESP32 is a powerful, low-cost microcontroller that can be used for educational wireless security research. This guide walks you through the process of setting up and using the ESP32-WROOM with the Wi-Fi Penetration Tool to perform various Wi-Fi attacks — such as WPA/WPA2 handshake capture, deauthentication, and more.

Prerequisites

ESP32-WROOM device
Type-C or MicroUSB (Type-D/A) cable for connection
Windows PC (for running scripts and tools)
GitHub repo: ESP32 Wi-Fi Penetration Tool
ESP32Window tool (esptool): Download here

Directory Structure

Below is the key directory tree (all files are stored in same folder) for flashing and running scripts:

bootloader.bin
esp32-wifi-penetration-tool.bin
espefuse.exe
espsecure.exe
esptool.exe
esp_rfc2217_server.exe
LICENSE
partition-table.bin
README.md

Step 1: Flashing the ESP32

Download all necessary binaries from the build/ folder of the GitHub repo.
Connect the ESP32-WROOM to your computer using a MicroUSB cable.
Open cmd on Windows and navigate to the directory containing your binaries and tools.
Run the following flashing command:

esptool.exe --port COM3  -b 115200 --after hard-reset write-flash --flash-mode dio --flash-freq 40m --flash-size detect 0x8000 partition-table.bin 0x1000 bootloader.bin 0x10000 esp32-wifi-penetration-tool.bin

# Change COM3 to match your PC's available port (check using typing mode on cmd,if not shown install CP201x Windows Drivers).

Wait for the flashing process to complete, then reconnect your ESP32 to the PC.

Step 2: Management AP Setup

Connect to Wi-Fi: By default: SSID: ManagementAPPassword: mgmtadmin
Open Browser: Visit 192.168.4.1 to access the ESP32 web client for tool configuration.

Step 3: Attack Selection & Execution

Within the web client, select: attack_type_handshake deauth_rogue_APSet timeout to 60secClick Start
Wi-Fi will disconnect.
Reconnect to ManagementAP
Download handshake files:
Download .hccapx file to crack with Hashcat Or download .cap file for aircrack-ng

Step 4: Offline Cracking

To crack the handshake:
Hashcat: Use the .hccapx file in Hashcat.

hashcat -a 0 -m 22000 <.cap file here> <wordlist here>

Aircrack-ng:

aircrack-ng <.cap file here> -w <wordlist here> -e <name of AP>

Replace <.cap file here>, <wordlist here>, and <name of AP> as needed.

Useful Links

Project GitHub: risinek/esp32-wifi-penetration-tool
ESPTool Releases: esptool
Video Demo & Support: YouTube Setup Guide

Credits

Tool & script: risinek
Additional support: linuxdroid
For advanced usage and educational research only! Ensure you have network owner's permission before running penetration tests!

#wifi #pentest #hardware #programming