Skip to content
/ hcxtools Public
forked from ZerBea/hcxtools

Small set of tools to capture and convert packets from wlan devices for the use with latest hashcat (recommended by hashcat). Support for hashcat hash-modes (2500, 2501, 4800, 5500, 12000 and upcomming 15800).

License

MIT license
0 stars 394 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

diegodieguex/hcxtools

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

325 Commits
usefullscripts
usefullscripts
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
berkeleyfilter.h
berkeleyfilter.h
 
 
com_md5_64.c
com_md5_64.c
 
 
com_md5_64.h
com_md5_64.h
 
 
common.c
common.c
 
 
common.h
common.h
 
 
gpiowait.odg
gpiowait.odg
 
 
license.txt
license.txt
 
 
pioff.c
pioff.c
 
 
whoismac.c
whoismac.c
 
 
wlancap2hcx.c
wlancap2hcx.c
 
 
wlancap2wpasec.c
wlancap2wpasec.c
 
 
wlancapinfo.c
wlancapinfo.c
 
 
wlancow2hcxpmk.c
wlancow2hcxpmk.c
 
 
wlandump-ng.c
wlandump-ng.c
 
 
wlanhashhcx.c
wlanhashhcx.c
 
 
wlanhc2hcx.c
wlanhc2hcx.c
 
 
wlanhcx2cap.c
wlanhcx2cap.c
 
 
wlanhcx2essid.c
wlanhcx2essid.c
 
 
wlanhcx2john.c
wlanhcx2john.c
 
 
wlanhcx2ssid.c
wlanhcx2ssid.c
 
 
wlanhcxcat.c
wlanhcxcat.c
 
 
wlanhcxinfo.c
wlanhcxinfo.c
 
 
wlanhcxmnc.c
wlanhcxmnc.c
 
 
wlanpmk2hcx.c
wlanpmk2hcx.c
 
 
wlanrcascan.c
wlanrcascan.c
 
 
wlanresponse.c
wlanresponse.c
 
 
wlanwkp2hcx.c
wlanwkp2hcx.c
 
 

Repository files navigation

hcxtools

Small set of tools to capture and convert packets from wlan devices for the use with latest hashcat. The tools are 100% compatible to hashcat and recommended by hashcat (that means hcxtools 3.6.0 working with hashcat 3.6.0). Support for hashcat hash-modes (2500, 2501, 4800, 5500, 12000, 15800). After capturing, upload the "uncleaned" cap here (http://wpa-sec.stanev.org/?submit) to see if your ap is vulnerable by using common wordlists. Convert the cap to hccapx and check if wlan-key or plainmasterkey was transmitted unencrypted.

Brief description

Multiple stand-alone binaries - designed to run on Raspberry Pi's.

All of these utils are designed to execute only one specific function.

Read this post: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (https://hashcat.net/forum/thread-6661.html)

Detailed description

Tool Description
wlandump-ng Small, fast and powerfull deauthentication/authentication/response tool
wlanresponse Extreme fast deauthentication/authentication/response tool (unattended use on Raspberry Pi's)
wlanrcascan Small, fast and simple passive WLAN channel assignment scanner (status output)
pioff Turns Raspberry Pi off via GPIO switch
wlancapinfo Shows info of pcap file
wlancap2hcx Converts cap to hccapx and other formats (recommended for use with wlandump-ng and wlanresponse)
wlanhcx2cap Converts hccapx to cap
wlanhc2hcx Converts hccap to hccapx
wlanwkp2hcx Converts wpk (ELMCOMSOFT EWSA projectfile) to hccapx
wlanhcx2essid Merges hccapx containing the same ESSID
wlanhcx2ssid Strips BSSID, ESSID, OUI
wlanhcxinfo Shows detailed info from contents of hccapxfile
wlanhcxmnc Manually do nonce correction on byte number xx of a nonce
wlanhashhcx Generate hashlist from hccapx hashfile (md5_64 hash:mac_ap:mac_sta:essid)
wlanhcxcat Simple password recovery tool (hash-modes 2500, 2501 and 15800)
wlanpmk2hcx Converts plainmasterkey and ESSID for use with hashcat hash-mode 12000
wlancow2hcxpmk Converts pre-computed cowpatty hashfiles for use with hashcat hash-mode 2501
wlanhcx2john Converts hccapx to format expected by John the Ripper
wlancap2wpasec Upload multiple caps to http://wpa-sec.stanev.org
whoismac Show vendor information

Compile

Simply run:

make
make install (as super user)

or (with GPIO support - hardware mods required)

make GPIOSUPPORT=on
make GPIOSUPPORT=on install (as super user)

Requirements

  • Linux (recommended Arch, but other distros should work, too). Don't use Kernel 4.4 (rt2x00 driver regression)

  • libpcap and pcap-dev installed

  • libopenssl and openssl-dev installed

  • librt and librt-dev installed (should be installed by default)

  • libcurl and curl-dev installed (used by whoismac and wlancap2wpasec)

  • Raspberry Pi: additionally libwiringpi and wiringpi dev installed (Raspberry Pi GPIO support)

  • Chipset must be able to run in monitor mode. Recommended: RALINK chipset (good receiver sensitivity), rt2x00 driver (stable and fast)

  • Raspberry Pi (Recommended: A+ = very low power consumption or B+)

Useful scripts

Script Description
bash_profile Autostart for Raspberry Pi (copy to /root/.bash_profile)
pireadcard Back up a Pi SD card
piwritecard Restore a Pi SD card
makemonnb Example script to activate monitor mode
killmonnb Example script to deactivate monitor mode

Notice

Most output files will be appended to existing files (with the exception of .cap files).

Warning

You must use wlandump-ng and wlanresponse only on networks you have permission to do this, because

  • wlandump-ng/wlanresponse are able to prevent complete wlan traffic

  • wlandump-ng/wlanresponse are able to capture handshakes from not connected clients

  • wlandump-ng/wlanresponse are able to capture handshakes from 5GHz clients on 2.4GHz

  • wlandump-ng/wlanresponse are able to capture extended EAPOL (RADIUS, GSM-SIM, WPS)

  • wlandump-ng/wlanresponse are able to capture passwords from the wlan traffic

  • wlandump-ng/wlanresponse are able to capture plainmasterkeys from the wlan traffic

  • wlandump-ng/wlanresponse are able to capture usernames and identities from the wlan traffic

About

Small set of tools to capture and convert packets from wlan devices for the use with latest hashcat (recommended by hashcat). Support for hashcat hash-modes (2500, 2501, 4800, 5500, 12000 and upcomming 15800).

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 97.2%
  • Makefile 1.2%
  • Other 1.6%