How does the WiFi Audit API work?

Upload a PCAP file via REST API. We extract the handshake, run a dictionary attack against 14M+ known passwords, and return a professional PDF audit report with NIS2-compliant documentation.

Yes, when used on networks you own or have explicit written permission to test. Our reports include an authorization declaration for compliance documentation.

Does the WiFi Audit API support NIS2 compliance?

Yes. Our PDF reports satisfy NIS2 Article 21 requirements for wireless network security testing, including authorization declaration, test methodology, findings and remediation recommendations.

WiFi Security Audit · REST API · PDF Reports

PCAP in. Compliance report out.

Upload a WPA/WPA2 handshake capture and get a professional security audit PDF in seconds. Built for IT teams, pentesters and MSPs who need NIS2, ISO 27001 or SOC2 documentation.

Get Free API Key → See how it works

WiFi Audit API — quick start

# 1. Submit your PCAP file curl -X POST https://api.wifiaudit.io/v1/jobs \ -H "X-API-Key: wai_your_key" \ -F "pcap=@handshake.pcap" -F "ssid=CorpWifi" # 2. Poll until done (~15 seconds) curl https://api.wifiaudit.io/v1/jobs/$JOB_ID -H "X-API-Key: wai_..." → { "status": "done", "result": "found", "password": "***" } # 3. Download the PDF report curl .../jobs/$JOB_ID/report -o audit-report.pdf

How it works

From packet capture to compliance report in 3 steps

No software to install. No GPU required. Just an HTTP call.

Capture the handshake

Use airodump-ng, Wireshark or any standard tool to capture a WPA/WPA2 handshake from your network. Save as .pcap, .pcapng or .cap.

Upload via REST API

POST the file to our API with your SSID and client name. We extract the handshake and run a dictionary attack against 14M+ known passwords.

Download the PDF report

In ~15 seconds, download a professional audit PDF with findings, risk rating, remediation steps and NIS2 compliance documentation.

Sample Report

Professional audit documentation

Every audit generates a signed, compliance-grade PDF ready for your auditor or NIS2 authority.

WiFi Security Audit Report

22. 02. 2026 · Job ID: a1b2c3d4 · wifiaudit.io

⚠️

VULNERABLE Password found in dictionary

Network (SSID)CorpWiFi

ClientAcme Corp s.r.o.

Found password●●●●●●●●

Passwords tested14,344,391

Audit duration14.35 s

NIS2 Article 21✓ Documented

🔑

WPA/WPA2 cracking

Dictionary attack with 14M+ passwords via hashcat.

📄

PDF reports

Compliance-grade documentation, ready for auditors.

⚡

~15s per audit

GPU-accelerated — results in seconds, not hours.

🏷️

White-label

Add your company and client name to every report.

🔌

REST API

4 simple endpoints. Integrate in any language.

🔒

Auto-delete

Uploaded files deleted within 24 hours. No data retention.

Compliance

Built for regulatory frameworks

WiFi Audit reports are structured to satisfy the documentation requirements of major security frameworks.

NIS2

Maps to Article 21(2)(a) and 21(2)(e) — network security policies and risk analysis.

ISO 27001

Supports control A.8.20 (Network security) and A.5.37 (Documented procedures).

SOC 2

Evidence for CC6.7 (Logical access) and CC7.1 (System monitoring) trust criteria.

PCI DSS

Supports Requirement 11.3 — penetration testing for wireless networks.

Who it's for

Built for security professionals

Whether you run one audit a month or hundreds, WiFi Audit API fits your workflow.

🔍

Pentesters

Automate WiFi audit reports for client engagements. Upload the PCAP, download the signed PDF. Done.

🏢

MSPs & IT Consultants

Offer WiFi security audits as a service. White-label PDFs with client names, delivered via API.

🛡️

Compliance Teams

Document wireless security controls for NIS2, ISO 27001 and SOC2 auditors. Ready to sign off.

💻

IT Security Engineers

Integrate recurring WiFi audits into your security stack. REST API, any language, any CI/CD.

API Reference

Four endpoints. That's it.

Simple HTTP API with API key auth. Full OpenAPI spec available.

Submit audit job

POST /v1/jobs
X-API-Key: wai_your_key
Content-Type: multipart/form-data

pcap=capture.pcap
ssid=CorporateWiFi
client_name=Acme Corp
        

Response

202 Accepted

{
  "job_id": "a1b2c3...",
  "status": "pending",
  "ssid": "CorporateWiFi"
}
        

Check status

GET /v1/jobs/{job_id}

{
  "status": "done",
  "result": "found",
  "found_password": "***",
  "crack_duration_seconds": 14.35
}
        

All endpoints

GET  /v1/health
# API status + wordlists

POST /v1/jobs
# Submit PCAP → returns job_id

GET  /v1/jobs/{id}
# pending / running / done

GET  /v1/jobs/{id}/report
# Download PDF
        

Pricing

Simple, transparent pricing

Start free. No credit card required. Scale when you need to.

Free

$0 / month

For evaluation and personal use

3 audits per month
PDF reports included
WPA/WPA2 support
REST API access
Community support

Start Free

Pro

$49 / month

For pentesters and small MSPs

100 audits per month
Client name on reports
Priority processing
Job history + export
Email support

Get Started

Enterprise

Custom

For MSPs, MSSPs and enterprises

Unlimited audits
White-label reports
Custom wordlists
On-premise deployment
SLA + dedicated support

Contact Sales

FAQ

Frequently asked questions

What is a WiFi security audit?

A WiFi security audit tests whether your WPA/WPA2 network password can be found in known password databases (dictionary attack). It is a required security control under NIS2, ISO 27001 and SOC2 frameworks. A passing audit demonstrates that your wireless network meets minimum password strength requirements.

Is this legal to use?

Yes, when used on networks you own or have explicit written permission to test. Our audit reports include an authorization declaration section for compliance documentation. Testing networks without authorization is illegal in most jurisdictions.

How do I capture a WPA handshake?

Use airodump-ng on Linux/Kali to put your wireless adapter into monitor mode and capture traffic. When a client connects (or reconnects after a deauth), the 4-way handshake is saved to a .cap file — that's what you upload to our API.

What happens to my PCAP file after upload?

Uploaded PCAP files and generated reports are automatically deleted 24 hours after the audit completes. We do not share or retain your data beyond the audit window.

What if the password is not found?

The report documents this as a passing result. The network is not vulnerable to dictionary attacks using known passwords. The PDF includes passwords tested and duration as compliance evidence.

Does it support WPA3?

WPA3 uses SAE which is significantly more resistant to offline attacks. We currently focus on WPA/WPA2-PSK. WPA3 support is on our roadmap.