The Idea:

Default WPA passwords are mostly 10 chars (HEXCHARS) -> 0123456789ABCDEF

OK,

If you want to make a wordlist, the size of the list will be more than 10Gb! So leave it..

Now... if we grep the source of aircrack-ng and a wordlist maker...

Modified AirCrack-NG Description/Parameters.

aircrack-wpa-ng [handshake-file] [Start Password] [End Password]

and open it like 50 times / threads.

First .. -> 00000000000 - 1000000000
Sec .. -> 10000000001 - 2000000000

,,
,,
,,
,,
Last -> F0000000000 -> FFFFFFFFFF

If you have a fast comp. then we can break it in more threads..

Is this a solution for WPA cracking without a wordlist?! Or does a bruteforcer exist? I didn't google it but don't think so..

If the password is found kill all active windows.. and store it in /tmp/WPA-FOUND.txt ..

:\ I think it's better than creating a 10char HEXDEC wordlist.. for the USB Drive

If you think it's useful I'm gonna take a look this week.. And finish it