- Saved searches
- Use saved searches to filter your results more quickly
- License
- warecrer/Hcxpcaptool
- Name already in use
- Sign In Required
- Launching GitHub Desktop
- Launching GitHub Desktop
- Launching Xcode
- Launching Visual Studio Code
- Latest commit
- Git stats
- Files
- README.md
- Saved searches
- Use saved searches to filter your results more quickly
- License
- Crowcker/hcxtools
- Name already in use
- Sign In Required
- Launching GitHub Desktop
- Launching GitHub Desktop
- Launching Xcode
- Launching Visual Studio Code
- Latest commit
- Git stats
- Files
- README.md
Saved searches
Use saved searches to filter your results more quickly
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
License
warecrer/Hcxpcaptool
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Latest commit
Git stats
Files
Failed to load latest commit information.
README.md
Small set of tools convert packets from captures (h = hash, c = capture, convert and calculate candidates, x = different hashtypes) for the use with latest hashcat or John the Ripper. The tools are 100% compatible to hashcat and John the Ripper and recommended by hashcat. This branch is pretty closely synced to hashcat git branch (that means: latest hcxtools matching on latest hashcat beta) and John the Ripper git branch («bleeding-jumbo»).
Support for hashcat hash-modes: 2500, 2501, 4800, 5500, 12000, 16100, 16800, 16801
Support for John the Ripper hash-modes: WPAPSK-PMK, PBKDF2-HMAC-SHA1, chap, netntlm, tacacs-plus
After capturing, upload the «uncleaned» cap here (https://wpa-sec.stanev.org/?submit) to see if your ap or the client is vulnerable by using common wordlists. Convert the cap to hccapx and/or to WPA-PMKID-PBKDF2 hashline (16800) and check if wlan-key or plainmasterkey was transmitted unencrypted.
Multiple stand-alone binaries — designed to run on Arch Linux.
All of these utils are designed to execute only one specific function.
Read this post: hcxtools — solution for capturing wlan traffic and conversion to hashcat formats (https://hashcat.net/forum/thread-6661.html)
| Tool | Description |
|---|---|
| hcxpcaptool | Shows info of pcap/pcapng file and convert it to other hashformats accepted by hashcat and John the Ripper |
| hcxhashcattool | Calculate PMKs from hashcat -m 2500 potfile |
| wlanhcx2cap | Converts hccapx to cap |
| wlanhc2hcx | Converts hccap to hccapx |
| wlanwkp2hcx | Converts wpk (ELMCOMSOFT EWSA projectfile) to hccapx |
| wlanhcx2essid | Merges hccapx containing the same ESSID |
| wlanhcx2ssid | Strips BSSID, ESSID, OUI |
| wlanhcxinfo | Shows detailed info from contents of hccapxfile |
| wlanhcxmnc | Help to calculate hashcat’s nonce-error-corrections value on byte number xx of an anonce |
| wlanhashhcx | Generate hashlist from hccapx hashfile (md5_64 hash:mac_ap:mac_sta:essid) |
| wlanhcxcat | Simple password recovery tool for WPA/WPA2/WPA2 SHA256 AES-128-CMAC (hash-modes 2500, 2501) |
| wlanpmk2hcx | Converts plainmasterkey and ESSID for use with hashcat hash-mode 12000 or john PBKDF2-HMAC-SHA1 |
| wlanjohn2hcx | Converts john wpapsk hashfiles for use with hashcat hash-modes 2500, 2501 |
| wlancow2hcxpmk | Converts pre-computed cowpatty hashfiles for use with hashcat hash-mode 2501 |
| wlanhcx2john | Converts hccapx to format expected by John the Ripper |
| wlanhcx2psk | Calculates candidates for hashcat based on the hccapx file |
| wlancap2wpasec | Upload multiple caps to https://wpa-sec.stanev.org |
| whoismac | Show vendor information and/or download oui reference list |
make make install (as super user) - Linux (recommended Arch Linux, but other distros should work, too (no support for other distributions).
- libopenssl and openssl-dev installed
- librt and librt-dev installed (should be installed by default)
- zlib and zlib-dev installed (for gzip compressed cap/pcap/pcapng files)
- libcurl and curl-dev installed (used by whoismac and wlancap2wpasec)
- libpthread and pthread-dev installed (used by hcxhashcattool)
To install requirements on Kali use the following ‘apt-get install libcurl4-openssl-dev libssl-dev zlib1g-dev libpcap-dev’
| Script | Description |
|---|---|
| piwritecard | Example script to restore SD-Card |
| piwreadcard | Example script to backup SD-Card |
Most output files will be appended to existing files (with the exception of .cap files).
Bitmask message pair field (hcxpcaptool)
4: ap-less attack (set to 1) — no nonce-error-corrections neccessary
5: LE router detected (set to 1) — nonce-error-corrections only for LE neccessary
6: BE router detected (set to 1) — nonce-error-corrections only for BE neccessary
7: not replaycount checked (set to 1) — replaycount not checked, nonce-error-corrections definitely neccessary
Saved searches
Use saved searches to filter your results more quickly
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
License
Crowcker/hcxtools
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Latest commit
Git stats
Files
Failed to load latest commit information.
README.md
Small set of tools convert packets from captures (h = hash, c = capture, convert and calculate candidates, x = different hashtypes) for the use with latest hashcat or John the Ripper. The tools are 100% compatible to hashcat and John the Ripper and recommended by hashcat. This branch is pretty closely synced to hashcat git branch (that means: latest hcxtools matching on latest hashcat beta) and John the Ripper git branch («bleeding-jumbo»).
Support for hashcat hash-modes: 4800, 5500, 2200x, 16100, 250x (deprecated), 1680x (deprecated)
Support for John the Ripper hash-modes: WPAPSK-PMK, PBKDF2-HMAC-SHA1, chap, netntlm, tacacs-plus
After capturing, upload the «uncleaned» cap here (https://wpa-sec.stanev.org/?submit) to see if your ap or the client is vulnerable by using common wordlists. Convert the dump file to WPA-PBKDF2-PMKID+EAPOL hash file and check if wlan-key or plainmasterkey was transmitted unencrypted.
Multiple stand-alone binaries — designed to run on Arch Linux.
All of these utils are designed to execute only one specific function.
Read this post: hcxtools — solution for capturing wlan traffic and conversion to hashcat formats (https://hashcat.net/forum/thread-6661.html)
Read this post: New attack on WPA/WPA2 using PMKID (https://hashcat.net/forum/thread-7717.html)
| Tool | Description |
|---|---|
| hcxpcapngtool | Provide new hashcat format 22000 |
| hcxhashtool | Provide various filter operations on new PMKID/EAPOL hash line |
| hcxpsktool | Calculates candidates for hashcat and john based on based on hcxpcapngtool output or commandline input |
| hcxeiutool | Prepare -E -I -U output of hcxpcapngtool for use by hashcat + rule or JtR + rule |
| hcxwltool | Calculates candidates for hashcat and john based on mixed wordlists |
| hcxhash2cap | Converts hash file (PMKID&EAPOL, PMKID, EAPOL-hccapx, EAPOL-hccap, WPAPSK-john) to cap |
| wlancap2wpasec | Upload multiple (gzip compressed) pcapng, pcap and cap files to https://wpa-sec.stanev.org |
| whoismac | Show vendor information and/or download oui reference list |
| deprecated | obsolete and — no longer under maintenance — will be removed, soon |
|---|---|
| hcxmactool | Various MAC based filter operations on HCCAPX and PMKID files — convert hccapx and/or PMKID to new hashline format |
| hcxpmkidtool | CPU based tools to verify a PMKID |
| hcxessidtool | Various ESSID based filter operations on HCCAPX and PMKID files |
| hcxhashcattool | Convert old hashcat ( |
git clone https://github.com/ZerBea/hcxtools.git cd hcxtools make make install (as super user) Or install via packet manager of your distribution
Black Arch is an Arch Linux-based penetration testing distribution for penetration testers and security researchers
pacman -S hcxtools
Homebrew is 3-rd party package manager for macOS
brew install hcxtools
- Linux (recommended Arch Linux, but other distros should work, too (no support for other distributions).
- gcc 10 recommended (deprecated versions are not supported: https://gcc.gnu.org/)
- libopenssl and openssl-dev installed
- librt and librt-dev installed (should be installed by default)
- zlib and zlib-dev installed (for gzip compressed cap/pcap/pcapng files)
- libcurl and curl-dev installed (used by whoismac and wlancap2wpasec)
- libpthread and pthread-dev installed (used by hcxhashcattool)
- pkg-config installed
To install requirements on Kali use the following ‘apt-get install pkg-config libcurl4-openssl-dev libssl-dev zlib1g-dev’
| Script | Description |
|---|---|
| piwritecard | Example script to restore SD-Card |
| piwreadcard | Example script to backup SD-Card |
| hcxgrep.py | Extract records from hccapx/pmkid file based on regexp |
Most output files will be appended to existing files (with the exception of pcapng, pcap, cap files).
It is recommended to use hash mode 22000 (22001) instead of deprecated hash modes 2500 (2501) and 16800 (16801)
Bitmask message pair field (hcxpcapngtool)
000 = M1+M2, EAPOL from M2 (challenge)
001 = M1+M4, EAPOL from M4 if not zeroed (authorized)
010 = M2+M3, EAPOL from M2 (authorized)
011 = M2+M3, EAPOL from M3 (authorized) — unused»
100 = M3+M4, EAPOL from M3 (authorized) — unused»
101 = M3+M4, EAPOL from M4 if not zeroed (authorized)»
4: ap-less attack (set to 1) — no nonce-error-corrections necessary
5: LE router detected (set to 1) — nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) — nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) — replaycount not checked, nonce-error-corrections definitely necessary