hcxtools
Tools for converting wireless captures to hashcat or John the Ripper formats. Portable solution for capturing WLAN traffic and conversion to hashcat (recommended) and John the Ripper formats.
Description
hcxtools provides a suite of utilities for processing WLAN captures, extracting PMKID and EAPOL handshakes, and converting them into crackable hash formats for tools like hashcat (-m 22000) and John the Ripper. It supports various input formats including pcapng, pcap, and cap files, enabling security researchers and penetration testers to analyze WiFi authentication data.
Key use cases include converting captures from hcxdumptool to hash files, generating wordlists from ESSIDs and probe requests, filtering hashes by ESSID, MAC, or vendor, and testing PSKs or PMKs. Tools like hcxpcapngtool extract hashes and metadata, while hcxhashtool offers advanced filtering and grouping for optimized cracking workflows.
The package emphasizes lossless conversion where possible, but notes limitations: it applies no nonce error corrections, and edited or merged capture files cause issues. Captures can be viewed with Wireshark/tshark, and the recommended practices include compressing dumps with gzip.
How It Works
hcxtools processes 802.11 frames from pcapng/pcap/cap files to extract PMKIDs (from the RSN IE) and EAPOL message pairs (M1-M4), computing WPA-PBKDF2-PMKID+EAPOL hashes (hashcat -m 22000). It handles bitmasks for message pairs (e.g., 000=M1+M2, 101=M3+M4 authorized) and applies filters on ESSID length, MAC, OUI, vendor, and replaycount status. Outputs include autohex-enabled wordlists from ESSIDs/probes, GPS NMEA data, and CSV AP info. hcxeiutool generates candidate lists from ESSIDs, and hcxpsktool generates default PSK candidates. hcxtools itself applies no nonce error corrections and relies on hashcat for that.
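To make the hash line and its message-pair bitmask concrete, the following added example (not hcxtools code) parses hashcat -m 22000 lines and checks a passphrase you already know against a captured PMKID, for instance to confirm which of your own networks a line belongs to. It assumes the published field order WPA*TYPE*PMKID-or-MIC*MAC_AP*MAC_CLIENT*ESSID*ANONCE*EAPOL*MESSAGEPAIR and the bit layout from the hcxtools documentation; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Low 3 bits of the message-pair field; 000 and 101 are the two values named above,
PAIRS = {0: "M1+M2 challenge", 1: "M1+M4 authorized", 2: "M2+M3 authorized",
         3: "M2+M3 authorized", 4: "M3+M4 authorized", 5: "M3+M4 authorized"}  # rest: assumed

@dataclass
class Hash22000:
    kind: str                         # "PMKID" or "EAPOL"
    digest: bytes                     # PMKID, or the EAPOL MIC
    mac_ap: bytes
    mac_sta: bytes
    essid: bytes
    pair: str = ""                    # decoded message pair (EAPOL lines only)
    replaycount_checked: bool = True  # False when bit 7 of the field is set

def parse_line(line: str) -> Hash22000:
    """Split one WPA*TYPE*... line into typed fields, rejecting malformed input."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
        raise ValueError("not a hashcat -m 22000 line")
    digest, mac_ap, mac_sta, essid = (bytes.fromhex(x) for x in f[2:6])
    if (len(digest), len(mac_ap), len(mac_sta)) != (16, 6, 6) or not 0 < len(essid) <= 32:
        raise ValueError("unexpected field length")
    if f[1] == "01":
        return Hash22000("PMKID", digest, mac_ap, mac_sta, essid)
    mp = int(f[8], 16)
    if mp & 7 not in PAIRS:
        raise ValueError("unknown message pair")
    return Hash22000("EAPOL", digest, mac_ap, mac_sta, essid, PAIRS[mp & 7], not mp & 0x80)

def pmkid(psk: str, essid: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(PSK, ESSID, 4096, 32); PMKID = HMAC-SHA1-128 over 'PMK Name'."""
    pmk = hashlib.pbkdf2_hmac("sha1", psk.encode(), essid, 4096, 32)
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]

def psk_matches_pmkid(h: Hash22000, psk: str) -> bool:
    """True if a passphrase you already know produced this captured PMKID."""
    return h.kind == "PMKID" and hmac.compare_digest(
        pmkid(psk, h.essid, h.mac_ap, h.mac_sta), h.digest)

# Constructed sample data (not from a real capture).
AP, STA, ESSID = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"lab-net"
PMKID_LINE = "*".join(["WPA", "01", pmkid("lab-passphrase", ESSID, AP, STA).hex(),
                       AP.hex(), STA.hex(), ESSID.hex(), "", "", ""])
EAPOL_LINE = "*".join(["WPA", "02", "11" * 16, AP.hex(), STA.hex(), ESSID.hex(),
                       "22" * 32, "0103", "85"])
```

The parser does not verify the EAPOL MIC; it only decodes the fields, so the constructed EAPOL line carries placeholder MIC, nonce and frame bytes.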
Installation
sudo apt install hcxtools
Flags
Examples
hcxeiutool -i elist -d digitlist -x xdigitlist -c charlist -s sclist
hcxpcapngtool -o hash.22000 -E elist dump.pcapng
hcxhashtool -i hashfile -o filtered.hc22000 --essid=TargetSSID
cat elist digitlist xdigitlist charlist sclist > wordlisttmp
hashcat --stdout -r <rule> charlist >> wordlisttmp
cat wordlisttmp | sort | uniq > wordlist
hashcat -m 22000 hash.22000 wordlist
hcxpsktool -c hash.22000 -o psk_candidates.txt