Monday, 27 May 2013

Wifi password tool without packet captures

I've been doing a pen test on a network with some good results. I'm running into a big issue that I can't find a solution to anywhere. I've been able to break 3 of the wifi passwords. There is 1 last router, but it's a different manufacturer, uses WPA2 and has disabled WPS. I don't think the admin knows he left wifi on, but it's the most critical part of the network, so everyone connected to it is wired to it. It would take a long time to explain the (bad) network setup, but it can't be reached from any other part of the network. All of the wifi passwords follow a pattern and I'm certain this will follow the same pattern. The pattern is a prefixed name followed by 2 random characters (WifiSpot8K, WifiSpot0G, etc). Since there is no traffic (or handshakes) to capture since no one uses the wifi, is there a tool or script that can brute force the password by attempting to connect to it? Assuming the random characters are only uppercase and numeric, it would involve just over 1,200 tries.
