{"id":13540261,"url":"https://github.com/zerbea/hcxtools","last_synced_at":"2026-02-08T13:04:06.952Z","repository":{"id":38462978,"uuid":"87620707","full_name":"ZerBea/hcxtools","owner":"ZerBea","description":"A small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper. ","archived":false,"fork":false,"pushed_at":"2025-04-06T08:50:41.000Z","size":3567,"stargazers_count":2131,"open_issues_count":1,"forks_count":405,"subscribers_count":104,"default_branch":"master","last_synced_at":"2025-04-09T17:19:44.595Z","etag":null,"topics":["handshake","hashcat","hccapx","john-the-ripper","pcap","pcapng","penetration-testing-framework","raspberry-pi","wifi","wifi-security","wlan","wlan-traffic","wpa","wpa2"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ZerBea.png","metadata":{"files":{"readme":"README.md","changelog":"changelog","contributing":null,"funding":null,"license":"license.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-08T08:47:44.000Z","updated_at":"2025-04-07T03:29:37.000Z","dependencies_parsed_at":"2023-02-15T22:15:52.252Z","dependency_job_id":"fc5eaa7c-716c-45c9-864b-5009ae92d3ab","html_url":"https://github.com/ZerBea/hcxtools","commit_stats":{"total_commits":2843,"total_committers":34,"mean_commits":83.61764705882354,"dds":0.1308476960956736,"last_synced_commit":"3c539fe59389b1d65e7aab38b1b20195b4e5d848"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZerBea%2Fhcxtools","tags_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/repositories/ZerBea%2Fhcxtools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZerBea%2Fhcxtools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZerBea%2Fhcxtools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ZerBea","download_url":"https://codeload.github.com/ZerBea/hcxtools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248074922,"owners_count":21043490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["handshake","hashcat","hccapx","john-the-ripper","pcap","pcapng","penetration-testing-framework","raspberry-pi","wifi","wifi-security","wlan","wlan-traffic","wpa","wpa2"],"created_at":"2024-08-01T09:01:43.968Z","updated_at":"2026-02-08T13:04:06.946Z","avatar_url":"https://github.com/ZerBea.png","language":"C","funding_links":[],"categories":["\u003ca id=\"79499aeece9a2a9f64af6f61ee18cbea\"\u003e\u003c/a\u003e浏览嗅探\u0026\u0026流量拦截\u0026\u0026流量分析\u0026\u0026中间人","\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"99398a5a8aaf99228829dadff48fb6a7\"\u003e\u003c/a\u003e未分类-Network","\u003ca id=\"d7485f829bd85cd784ff582cbddc8624\"\u003e\u003c/a\u003e捕获\u0026\u0026Capture"],"readme":"hcxtools\n=========\n\nA small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper. 
\n\nThese tools are 100% compatible with Hashcat and John the Ripper and are endorsed by Hashcat.\n\nBrief Description\n------------------\n\nThe main purpose of hcxtools is to detect weak points within one's own WiFi network by analyzing the hashes.\nTherefore, the conversion of the dump file to WPA-PBKDF2-PMKID+EAPOL hash file allows the user to check if the WLAN-KEY or PMK was transmitted unencrypted.\nOr upload the \"uncleaned\" dump file (pcapng, pcap, cap) [here](https://wpa-sec.stanev.org/?submit) to find out if your AP or the CLIENT is vulnerable by using common wordlists or a weak password generation algorithm.\n\n* Support for Hashcat hash-modes: 4800, 5500, 2200x, 16100, 250x (deprecated), and 1680x (deprecated).\n  \n* Support for John the Ripper hash-modes: WPAPSK-PMK, PBKDF2-HMAC-SHA1, chap, netntlm, and tacacs-plus.\n\n* Support for gzip (.gz) single file compression.\n\nAn overview of Hashcat mode 22000. - (https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2)\n\nOld but still applicable write-up by **atom** of the Hashcat forums covering a new attack on WPA/WPA2 using PMKID. - (https://hashcat.net/forum/thread-7717.html)\n\nHashcat mode 22000 write-up by **atom** of the Hashcat forums. - (https://hashcat.net/forum/thread-10253.html)\n\n**Unsupported:** Windows OS, macOS, Android, emulators or wrappers!\n\nWhat Don't hcxtools Do?\n------------------------\n\n* They do not crack WPA PSK related hashes. (Use Hashcat or JtR to recover the PSK.)\n\n* They do not crack WEP. (Use the aircrack-ng suite instead.)\n\n* They do not crack WPS. (Use Reaver or Bully instead.)\n\n* They do not decrypt encrypted traffic. 
(Use tshark or Wireshark to do so.)\n\nDetailed Description\n---------------------\n\n| Tool           | Description                                                                                                            |\n| -------------- | ---------------------------------------------------------------------------------------------------------------------- |\n| hcxpcapngtool  | Tool to convert raw capture files to Hashcat and JtR readable formats.                                                 |\n| hcxhashtool    | Tool to filter hashes from HC22000 files based on user input.                                                          |\n| hcxpmktool     | Tool to calculate and verify a PSK and/or a PMK.                                                                       |\n| hcxpottool     | Tool to handle ASCII format and several UTF formats of hashcat's pot file.                                             |\n| hcxpsktool     | Tool to get weak PSK candidates from hash files or user input.                                                         |\n| hcxeiutool     | Tool to prepare -E -I -U output of hcxpcapngtool for use by Hashcat + rule or JtR + rule.                              |\n| hcxwltool      | Tool to calculate candidates for Hashcat and JtR based on mixed wordlists.                                             |\n| hcxhash2cap    | Tool to convert hash files (PMKID\u0026EAPOL, PMKID, EAPOL-hccapx, EAPOL-hccap, WPAPSK-john) to cap.                        |\n| wlancap2wpasec | Tool to upload multiple (gzip compressed) pcapng, pcap and cap files to https://wpa-sec.stanev.org                     |\n| whoismac       | Tool to show vendor information and/or download oui reference list.                                                    
|\n\nWorkflow\n---------\n\nhcxdumptool -\u003e hcxpcapngtool -\u003e hcxhashtool (additional hcxpsktool/hcxeiutool) -\u003e hashcat or JtR\n\nInstall Guide\n--------------\n\nOn most distributions hcxtools are available through the package manager.\n\nIf you decide to compile the latest git head, make sure that your distribution is updated to its latest version and that all header files and dependencies have been installed!\n\n### Clone Repository\n---------------------\n\n```\ngit clone https://github.com/ZerBea/hcxtools.git\ncd hcxtools\n```\n\n### Compile \u0026 Install\n----------------------\n\n```\nmake -j $(nproc)\n```\n\nInstall to `/usr/bin`:\n```\nmake install  # as super user\n```\n\nOr install to `/usr/local/bin`:\n```\nmake install PREFIX=/usr/local  # as super user\n```\n\nRequirements\n--------------\n\nYou might expect me to recommend that everyone should be using hcxdumptool/hcxtools. But the fact of the matter is that hcxdumptool/hcxtools is NOT recommended to be used by inexperienced users or newbies.\nIf you are not familiar with Linux generally or if you do not have at least a basic level of knowledge as mentioned in section \"Requirements\", hcxdumptool/hcxtools is probably not what you are looking for.\nHowever, if you have that knowledge these tools can do magic.\n\n* Knowledge of radio technology.\n* Knowledge of electromagnetic-wave engineering.\n* Detailed knowledge of 802.11 protocol.\n* Detailed knowledge of key derivation functions.\n* Detailed knowledge of NMEA 0183 protocol.\n* Detailed knowledge of Linux.\n* Operating system: Linux (recommended: kernel \u003e= 6.4, mandatory: kernel \u003e= 5.10)\n* Recommendation: Arch Linux (notebooks and desktop systems), OpenWRT (small systems like Raspberry Pi, WiFi router)\n* gcc \u003e= 13 recommended (deprecated versions are not supported: https://gcc.gnu.org/)\n* libopenssl (\u003e= 3.0) and openssl-dev installed\n* librt and librt-dev installed. 
(Should be installed by default.)\n* zlib and zlib-dev installed. (For gzip compressed cap/pcap/pcapng files.)\n* libcurl (\u003e= 7.56) and curl-dev installed. (Used by whoismac and wlancap2wpasec.)\n* pkg-config installed.\n* Make sure that the version of hcxpcapngtool always matches the version of hcxdumptool.\n\n**If you decide to compile the latest git head, make sure that your distribution is updated to its latest version!**\n\nUseful Scripts\n---------------\n\n| Script       | Description                                              |\n| ------------ | -------------------------------------------------------- |\n| piwritecard  | Example script to restore SD-Card                        |\n| piwreadcard  | Example script to backup SD-Card                         |\n| hcxgrep.py   | Extract records from m22000 hashline/hccapx/pmkid file based on regexp   |\n\nNotice\n-------\n\n* Most output files will be appended to existing files (with the exception of pcapng, pcap, cap files).\n\n* It is recommended to use hash mode 22000 (22001) instead of deprecated hash modes 2500 (2501) and 16800 (16801).\n\n* hcxtools are designed to be analysis tools. This means that everything is converted by default and unwanted information must be filtered out! \n\n**Warning:** Do not merge dump files! This WILL destroy hash values assigned by custom blocks!\n\n* Tools do not perform NONCE ERROR CORRECTIONS! 
In case of a packet loss, you'll get a wrong PTK.\n\n* This branch is pretty closely synced to the Hashcat and John the Ripper repositories.\n\nBitmask Message Pair Field (hcxpcapngtool)\n-------------------------------------------\n\nbits 0-2\n\n000 = M1+M2, EAPOL from M2 (challenge - ANONCE from M1)\n\n001 = M1+M4, EAPOL from M4 (authorized) - usable if M4 NONCE is not zeroed and using option --all\n\n010 = M2+M3, EAPOL from M2 (authorized - ANONCE from M3)\n\n011 = M2+M3, EAPOL from M3 (authorized) - only with option --all\n\n100 = M3+M4, EAPOL from M3 (authorized) - only with option --all\n\n101 = M3+M4, EAPOL from M4 (authorized) - usable if M4 NONCE is not zeroed and using option --all\n\n3: reserved\n\n4: ap-less attack (set to 1) - no nonce-error-corrections necessary\n\n5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary\n\n6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary\n\n7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary\n\nWarning\n--------\n\nYou might expect me to recommend that everyone should be using hcxdumptool/hcxtools. But the fact of the matter is, hcxdumptool/hcxtools is NOT recommended to be used by inexperienced users or newbies.\n\nIf you are not familiar with Linux in general or you do not have at least a basic level of knowledge as mentioned in section \"Requirements\", hcxdumptool/hcxtools is probably not what you are looking for.\nHowever, if you have that knowledge hcxdumptool/hcxtools can do magic for you.\n\nThe entire toolkit (hcxdumptool and hcxtools) is designed to be an analysis toolkit. 
\n\nUseful Links\n--------------\n\nhttps://pcapng.com/\n\nhttps://www.kernel.org/doc/html/latest/\n\nhttps://www.kernel.org/doc/html/latest/bpf/index.html\n\nhttps://www.freecodecamp.org/news/the-linux-commands-handbook/\n\nhttps://en.wikipedia.org/wiki/Wpa2\n\nhttps://en.wikipedia.org/wiki/802.11_Frame_Types\n\nhttps://en.wikipedia.org/wiki/IEEE_802.11i-2004\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzerbea%2Fhcxtools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzerbea%2Fhcxtools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzerbea%2Fhcxtools/lists"}