Packages and Binaries:

hcxtools

Portable solution for capturing wlan traffic and conversion to hashcat formats (recommended by hashcat) and to John the Ripper formats.

hcx stands for:

  • h = hash
  • c = capture, convert and calculate candidates
  • x = different hashtypes

Installed size: 719 KB
How to install: sudo apt install hcxtools

  • ieee-data
  • libc6
  • libcurl4
  • libssl1.1
  • zlib1g
hcxessidtool

Hcx tools set-N

root@kali:~# hcxessidtool -h
hcxessidtool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxessidtool <options>

options:
-e <essid>  : filter by ESSID
-E <essid>  : filter by part of ESSID
-l <essid>  : filter by ESSID length
-h          : show this help
-v          : show version

--pmkid1=<file>        : input PMKID file 1
--pmkid2=<file>        : input PMKID file 2
--pmkidout12=<file>    : output only lines present in both PMKID1 and PMKID2
--pmkidout1=<file>     : output only lines present in PMKID1
--pmkidout2=<file>     : output only lines present in PMKID2
--pmkidout=<file>      : output only ESSID filtered lines present in PMKID1
--pmkidgroupout=<file> : output ESSID groups from ESSIDs present in PMKID1
--hccapx1=<file>       : input HCCAPX1
--hccapx2=<file>       : input HCCAPX2
--hccapxout12=<file>   : output only lines present in both HCCAPX1 and HCCAPX2
--hccapxout1=<file>    : output only lines present in HCCAPX1
--hccapxout2=<file>    : output only lines present in HCCAPX2
--hccapxout=<file>     : output only ESSID filtered lines present in HCCAPX1
--hccapxgroupout=<file>: output ESSID groups from ESSIDs present in HCCAPX1
--essidout=<file>      : output ESSID list
--essidmacapout=<file> : output MAC_AP:ESSID list
--help                 : show this help
--version              : show version

Main purpose is to get full advantage of reuse of PBKDF2
while merging (only) the same ESSIDs from different hash files
examples:
hcxessidtool --pmkid1=file1.16800 --pmkid2=file2.16800 --pmkidout12=joint.16800
hcxessidtool --pmkid1=file1.16800 -l 10 --pmkidout=filtered.16800


hcxhash2cap

Hcx tools set-N

root@kali:~# hcxhash2cap -h
hcxhash2cap 6.0.2 (C) 2020 ZeroBeat
usage:
hcxhash2cap <options>

options:
-c <file> : output cap file
            if no cap file is selected, output will be written to single cap files
            format: mac_sta.cap (mac_sta.cap_x)
-h        : show this help
-v        : show version

--pmkid-eapol=<file> : input PMKID EAPOL combi hash file
--pmkid=<file>       : input PMKID hash file
--hccapx=<file>      : input hashcat hccapx file
--hccap=<file>       : input hashcat hccap file
--john=<file>        : input John the Ripper WPAPSK hash file
--help               : show this help
--version            : show version


hcxhashcattool

Hcx tools set-N

root@kali:~# hcxhashcattool -h
hcxhashcattool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxhashcattool <options>

options:
-p <file> : input old hashcat potfile (<= 5.1.0)
            accepted potfiles: 2500 or 16800
-P <file> : output new potfile file (PMK*ESSID:PSK)
-h        : show this help
-v        : show version


hcxhashtool

Hcx tools set-N

root@kali:~# hcxhashtool -h
hcxhashtool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxhashtool <options>

options:
-i <file>   : input PMKID/EAPOL hash file
-o <file>   : output PMKID/EAPOL hash file
-E <file>   : output ESSID list (autohex enabled)
-d          : download http://standards-oui.ieee.org/oui.txt
            : and save to ~/.hcxtools/oui.txt
            : internet connection required
-h          : show this help
-v          : show version

--essid-group                : convert to ESSID groups in working directory
                               full advantage of reuse of PBKDF2
                               not on old hash formats
--oui-group                  : convert to OUI groups in working directory
                               not on old hash formats
--mac-group-ap               : convert APs to MAC groups in working directory
                               not on old hash formats
--mac-group-client           : convert CLIENTs to MAC groups in working directory
                               not on old hash formats
--type                       : filter by hash type
                             : default PMKID (1) and EAPOL (2)
--essid-len                  : filter by ESSID length
                             : default ESSID length: 0...32
--essid-min                  : filter by ESSID minimum length
                             : default ESSID minimum length: 0
--essid-max                  : filter by ESSID maximum length
                             : default ESSID maximum length: 32
--essid=<ESSID>              : filter by ESSID
--essid-part=<part of ESSID> : filter by part of ESSID
--mac-ap=<MAC>               : filter AP by MAC
                             : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)
--mac-client=<MAC>           : filter CLIENT by MAC
                             : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)
--oui-ap=<OUI>               : filter AP by OUI
                             : format: 001122, 00:11:22, 00-11-22 (hex)
--oui-client=<OUI>           : filter CLIENT by OUI
                             : format: 001122, 00:11:22, 00-11-22 (hex)
--vendor=<VENDOR>            : filter by (part of) VENDOR name
--authorized                 : filter EAPOL pairs by status authorized
--notauthorized              : filter EAPOL pairs by status not authorized
--rc                         : filter EAPOL pairs by replaycount status checked
--apless                     : filter EAPOL pairs by status M1M2ROGUE (M2 requested from CLIENT)
--info=<file>                : output detailed information about content of hash file
--info=stdout                : stdout output detailed information about content of hash file
--vendorlist                 : stdout output VENDOR list sorted by OUI
--psk=<PSK>                  : pre-shared key to test
                             : due to PBKDF2 calculation this is a very slow process
                             : no nonce error corrections
--pmk=<PMK>                  : plain master key to test
                             : no nonce error corrections
--hccapx=<file>              : output to deprecated hccapx file
--hccap=<file>               : output to ancient hccap file
--hccap-single               : output to ancient hccap single files (MAC + count)
--john=<file>                : output to deprecated john file
--help                       : show this help
--version                    : show version


hcxmactool

Hcx tools set-N

root@kali:~# hcxmactool -h
hcxmactool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxmactool <options>

options:
-o <oui>    : filter access point by OUI
-n <nic>    : filter access point by NIC
-m <mac>    : filter access point by MAC
-a <vendor> : filter access point by VENDOR name
-O <oui>    : filter client by OUI
-N <nic>    : filter client by NIC
-M <mac>    : filter client by MAC
-A <vendor> : filter client by VENDOR name
-h          : show this help
-v          : show version

--pmkideapolout=<file> : output PMKID/EAPOL hash line (22000 format)
--pmkidin=<file>       : input PMKID file
--pmkidout=<file>      : output PMKID file
--hccapxin=<file>      : input HCCAPX file
--hccapxout=<file>     : output HCCAPX file
--help                 : show this help
--version              : show version


hcxpcapngtool

Hcx tools set-N

root@kali:~# hcxpcapngtool -h
hcxpcapngtool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxpcapngtool <options>
hcxpcapngtool <options> input.pcapng
hcxpcapngtool <options> *.pcapng
hcxpcapngtool <options> *.pcap
hcxpcapngtool <options> *.cap
hcxpcapngtool <options> *.*

short options:
-o <file> : output PMKID/EAPOL hash file
            hashcat -m 22000/22001 and JtR wpapsk-opencl/wpapsk-pmk-opencl
-E <file> : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker
-I <file> : output unsorted identity list to use as input wordlist for cracker
-U <file> : output unsorted username list to use as input wordlist for cracker
-h        : show this help
-v        : show version

long options:
--all                              : convert all possible hashes instead of only the best one
                                     that can lead to much overhead hashes
                                     use hcxhashtool to filter hashes
                                     need hashcat --nonce-error-corrections >= 8
--eapoltimeout=<digit>             : set EAPOL TIMEOUT (milliseconds)
                                   : default: 5000 ms
--nonce-error-corrections=<digit>  : set nonce error correction
                                     warning: values > 0 can lead to uncrackable handshakes
                                   : default: 0
--ignore-ie                        : do not use CIPHER and AKM information
                                     this will convert all frames regadless of
                                     CIPHER and/OR AKM information,
                                     and can lead to uncrackable hashes
--max-essids=<digit>               : maximum allowed ESSIDs
                                     default: 1 ESSID
                                     disregard ESSID changes and take ESSID with highest ranking
--eapmd5=<file>                    : output EAP MD5 CHALLENGE (hashcat -m 4800)
--eapmd5-john=<file>               : output EAP MD5 CHALLENGE (john chap)
--eapleap=<file>                   : output EAP LEAP CHALLENGE (hashcat -m 5500, john netntlm)
--nmea=<file>                      : output GPS data in NMEA format
                                     format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                     to convert it to gpx, use GPSBabel:
                                     gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                     to display the track, open file.gpx with viking
--log=<file>                       : output logfile
--raw-out=<file>                   : output frames in HEX ASCII
                                   : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM
--raw-in=<file>                    : input frames in HEX ASCII
                                   : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM
--pmkid=<file>                     : output deprecated PMKID file (delimter *)
--hccapx=<file>                    : output deprecated hccapx v4 file
--hccap=<file>                     : output deprecated hccap file
--john=<file>                      : output deprecated PMKID/EAPOL (JtR wpapsk-opencl/wpapsk-pmk-opencl)
--prefix=<file>                    : convert everything to lists using this prefix (overrides single options):
                                      -o <file.22000>      : output PMKID/EAPOL hash file
                                      -E <file.essid>      : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker
                                      -I <file.identitiy>  : output unsorted identity list to use as input wordlist for cracker
                                      -U <file.username>   : output unsorted username list to use as input wordlist for cracker
                                     --eapmd5=<file.4800>  : output EAP MD5 CHALLENGE (hashcat -m 4800)
                                     --eapleap=<file.5500> : output EAP LEAP CHALLENGE (hashcat -m 5500, john netntlm)
                                     --nmea=<file.nmea>    : output GPS data in NMEA format
--help                             : show this help
--version                          : show version

bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections necessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary

Do not edit, merge or convert pcapng files! This will remove optional comment fields!
Detection of bit errors does not work on cleaned dump files!
Do not use hcxpcapngtool in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)!
It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcapngtool will understand this.


hcxpcaptool

Hcx tools set-N

root@kali:~# hcxpcaptool -h
hcxpcaptool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxpcaptool <options>
hcxpcaptool <options> [input.pcap] [input.pcap] ...
hcxpcaptool <options> *.cap
hcxpcaptool <options> *.*

options:
-o <file> : output hccapx file (hashcat -m 2500/2501)
-O <file> : output raw hccapx file (hashcat -m 2500/2501)
            this will disable all(!) 802.11 validity checks
            very slow!
-k <file> : output PMKID file (hashcat hashmode -m 16800 new format)
-K <file> : output raw PMKID file (hashcat hashmode -m 16801 new format)
            this will disable usage of ESSIDs completely
-z <file> : output PMKID file (hashcat hashmode -m 16800 old format and john)
-Z <file> : output raw PMKID file (hashcat hashmode -m 16801 old format and john)
            this will disable usage of ESSIDs completely
-j <file> : output john WPAPSK-PMK file (john wpapsk-opencl)
-J <file> : output raw john WPAPSK-PMK file (john wpapsk-opencl)
            this will disable all(!) 802.11 validity checks
            very slow!
-E <file> : output wordlist (autohex enabled) to use as input wordlist for cracker
-I <file> : output unsorted identity list
-U <file> : output unsorted username list
-M <file> : output unsorted IMSI number list
-P <file> : output possible WPA/WPA2 plainmasterkey list
-T <file> : output management traffic information list
            format = mac_sta:mac_ap:essid
-X <file> : output client probelist
            format: mac_sta:probed ESSID (autohex enabled)
-D <file> : output unsorted device information list
            format = mac_device:device information string
-g <file> : output GPS file
            format = GPX (accepted for example by Viking and GPSBabel)
-V        : verbose (but slow) status output
-h        : show this help
-v        : show version

--filtermac=<mac>                 : filter output by MAC address
                                    format: 112233445566
--ignore-fake-frames              : do not convert fake frames
--ignore-zeroed-pmks              : do not convert frames which use a zeroed plainmasterkey (PMK)
--ignore-replaycount              : allow not replaycount checked best handshakes
--ignore-mac                      : do not check MAC addresses
                                    this will allow to use ESSIDs from frames with damaged broadcast MAC address
--time-error-corrections=<digit>  : maximum time gap between EAPOL frames - EAPOL TIMEOUT (default: 600s)
--nonce-error-corrections=<digit> : maximum replycount/nonce gap to be converted (default: 8)
                                    example: --nonce-error-corrections=60 
                                    convert handshakes up to a possible packetloss of 59 packets
                                    hashcat nonce-error-corrections should be twice as much as hcxpcaptool value
--max-essid-changes=<digit>       : allow maximum ESSID changes (default: 1 - no ESSID change is allowed)
--eapol-out=<file>                : output EAPOL packets in hex
                                    format = mac_ap:mac_sta:EAPOL
--netntlm-out=<file>              : output netNTLMv1 file (hashcat -m 5500, john netntlm)
--md5-out=<file>                  : output MD5 challenge file (hashcat -m 4800)
--md5-john-out=<file>             : output MD5 challenge file (john chap)
--tacacsplus-out=<file>           : output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus)
--network-out=<file>              : output network information
                                    format = mac_ap:ESSID
--hexdump-out=<file>              : output dump raw packets in hex
--hccap-out=<file>                : output old hccap file (hashcat -m 2500)
--hccap-raw-out=<file>            : output raw old hccap file (hashcat -m 2500)
                                    this will disable all(!) 802.11 validity checks
                                    very slow!
--nmea=<file>                     : save track to file
                                    format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                    to convert it to gpx, use GPSBabel:
                                    gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
                                    to display the track, open file.gpx with viking
--prefix-out=<file>               : convert everything to lists using this prefix (overrides single options):
                                    hccapx (-o) file.hccapx
                                    PMKID (-k) file.16800
                                    netntlm (--netntlm-out) file.5500
                                    md5 (--md5-out) file.4800
                                    tacacsplus (--tacacsplus) file.16100
                                    wordlist (-E) file.essidlist
                                    identitylist (-I) file.identitylist 
                                    usernamelist (-U) file.userlist
                                    imsilist (-M) file.imsilist
                                    networklist (-network-out) file.networklist
                                    trafficlist (-T) file.networklist
                                    clientlist (-X) file.clientlist
                                    deviceinfolist (-D) file.deviceinfolist
--help                            : show this help
--version                         : show version

bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections necessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary

Do not edit, merge or convert pcapng files! This will remove optional comment fields!
Do not use hcxpcaptool in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)!
It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcaptool will understand this.


hcxpmkidtool

Hcx tools set-N

root@kali:~# hcxpmkidtool -h
hcxpmkidtool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxpmkidtool <options>

options:
-p <pmkid>  : input PMKID
              PMKID:MAC_AP:MAC_STA:ESSID(XDIGIT)
              PMKID*MAC_AP*MAC_STA*ESSID(XDIGIT)
-w <file>   : input wordlist (8...63 characters)
              output: PMK:ESSID (XDIGIT):password
-W <word>   : input single word (8...63 characters)
              output: PMK:ESSID (XDIGIT):password
-K <pmk>    : input single PMK
              format:
              output: PMK:ESSID (XDIGIT)
-h          : show this help
-v          : show version

--help      : show this help
--version   : show version

hcxpmkidtool designed to verify an existing PSK or and existing PMK.
It is not designed to run big wordlists!


hcxpsktool

Hcx tools set-N

root@kali:~# hcxpsktool -h
hcxpsktool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxpsktool <options>

options:
-c <file>   : input PMKID/EAPOL hash file (hashcat -m 22000)
-i <file>   : input EAPOL hash file (hashcat)
-j <file>   : input EAPOL hash file (john)
-z <file>   : input PMKID hash file (hashcat and john)
-e <char>   : input ESSID
-b <xdigit> : input MAC access point
              format: 112233445566
-o <file>   : output PSK file
              default: stdout
              output list must be sorted unique!
-h          : show this help
-v          : show version

--netgear : include weak NETGEAR candidates
--phome   : include weak PEGATRON HOME candidates
--tenda   : include weak TENDA candidates
--weakpass: include weak password candidates
--eudate  : include complete european dates
--usdate  : include complete american dates
--wpskeys : include complete WPS keys
--help    : show this help
--version : show version

if hcxpsktool recovered your password, you should change it immediately!

examples:
hcxpsktool -i hashfile.hccapx | sort | uniq | hashcat -m 2500 hashfile.hccapx
hcxpsktool -z hashfile.16800 | sort | uniq | hashcat -m 16800 hashfile.16800
hcxpsktool -z hashfile.16800 | sort | uniq | john --stdin --format=wpapsk-opencl hashfile.16800


hcxwltool

Hcx tools set-N

root@kali:~# hcxwltool -h
hcxwltool 6.0.2 (C) 2020 ZeroBeat
usage:
hcxwltool <options>

options:
-i        : input wordlist
-o <file> : output wordlist to file
-h        : show this help
-v        : show version

--straight       : output format untouched
--digit          : output format only digits
--xdigit         : output format only xdigits
--lower          : output format only lower
--upper          : output format only upper
--capital        : output format only capital
--length=<digit> : password length (8...32)
--help           : show this help
--version        : show version

examples:
hcxwltool -i wordlist --straight | sort | uniq |  | sort | uniq | hashcat -m 2500 hashfile.hccapx
hcxwltool -i wordlist --digit --length=10 | sort | uniq |  | sort | uniq | hashcat -m 2500 hashfile.hccapx
hcxwltool -i wordlist --digit | sort | uniq | hashcat -m 16800 hashfile.16800
hcxwltool -i wordlist --xdigit | sort | uniq | john --stdin --format=wpapsk-opencl hashfile.16800


whoismac

Hcx tools set-N

root@kali:~# whoismac -h
whoismac 6.0.2 (C) 2020 ZeroBeat
usage: whoismac <options>

options:
-d            : download http://standards-oui.ieee.org/oui.txt
              : and save to ~/.hcxtools/oui.txt
              : internet connection required
-m <mac>      : mac (six bytes of mac addr) or 
              : oui (fist three bytes of mac addr)
-p <hashline> : input PMKID and/or EAPOL hashline (hashmode 22000 or 16800)
-P <hashline> : input EAPOL hashline from potfile (hashcat <= 5.1.0)
-e <ESSID>    : input ESSID
-x <xdigit>   : input ESSID in hex
-e <ESSID>    : input ESSID
-v <vendor>   : vendor name
-h            : this help screen


wlancap2wpasec

Hcx tools set-N

root@kali:~# wlancap2wpasec -h
wlancap2wpasec 6.0.2 (C) 2020 ZeroBeat
usage: wlancap2wpasec <options>  [input.pcapng] [input.pcap] [input.cap] [input.pcapng.gz]...
       wlancap2wpasec <options> *.pcapng
       wlancap2wpasec <options> *.gz
       wlancap2wpasec <options> *.*

options:
-k <key>           : wpa-sec user key
-u <url>           : set user defined URL
                     default = https://wpa-sec.stanev.org
-t <seconds>       : set connection timeout
                     default = 30 seconds
-e <email address> : set email address, if required
-R                 : remove cap if upload was successful
-h                 : this help
-h                 : show version

Do not merge different cap files to a single cap file.
This will lead to unexpected behaviour on ESSID changes
or different link layer types.
To ‎remove unnecessary packets, run tshark:
tshark -r input.cap -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcapng -w output.pcapng
To reduce the size of the cap file, compress it with gzip:
gzip capture.pcapng



wlanhcx2john

Hcx tools set-N

root@kali:~# wlanhcx2john -h
wlanhcx2john 6.0.2 (C) 2020 ZeroBeat
usage: wlanhcx2john <options> [input.hccapx] [input.hccapx] ...

options:
-o <file> : output john file


wlanhcx2ssid

Hcx tools set-N

root@kali:~# wlanhcx2ssid -h
wlanhcx2ssid 6.0.2 (C) 2020 ZeroBeat
usage: wlanhcx2ssid <options>

options:
-i <file>     : input hccapx file
-p <path>     : change directory for outputfiles
-a            : output file by mac_ap's
-s            : output file by mac_sta's
-o            : output file by vendor's (oui)
-e            : output file by essid's
-E <essid>    : output file by part of essid name
-X <essid>    : output file by essid name (exactly)
-x <digit>    : output by essid len (0 <= 32)
-A <mac_ap>   : output file by single mac_ap
-S <mac_sta>  : output file by single mac_sta
-O <oui>      : output file by single vendor (oui)
-V <name>     : output file by single vendor name or part of vendor name
-L <mac_list> : input list containing mac_ap's (need -l)
              : format of mac_ap's each line: 112233445566
-l <file>     : output file (hccapx) by mac_list (need -L)
-w <file>     : write only forced from clients to hccapx file
-W <file>     : write only forced from access points to hccapx file
-r <file>     : write only replaycount checked to hccapx file
-R <file>     : write only not replaycount checked to hccapx file
-N <file>     : output stripped file (only one record each mac_ap, mac_sta, essid, message_pair combination)
-n <file>     : output stripped file (only one record each mac_sta, essid)
-g <file>     : write only handshakes with pairwise key flag set
-G <file>     : write only handshakes with groupkey flag set
-0 <file>     : write only MESSAGE_PAIR_M12E2 to hccapx file
-1 <file>     : write only MESSAGE_PAIR_M14E4 to hccapx file
-2 <file>     : write only MESSAGE_PAIR_M32E2 to hccapx file
-3 <file>     : write only MESSAGE_PAIR_M32E3 to hccapx file
-4 <file>     : write only MESSAGE_PAIR_M34E3 to hccapx file
-5 <file>     : write only MESSAGE_PAIR_M34E4 to hccapx file
-k <file>     : write keyversion based on key information field (use only basename)
              : output: basename.x.hccapx
              : WPA1 RC4 Cipher, HMAC-MD5..... basename.1.hccapx
              : WPA2 AES Cipher, HMAC-SHA1.... basename.2.hccapx
              : WPA2 AES Cipher, AES-128-CMAC2 basename.3.hccapx
              : all other are unknown
-F <file>     : remove bad records and write only flawless records to hccapx file
-D <file>     : remove duplicates from the same authentication sequence
              : you must use nonce-error-corrections on that file!
-h            : this help


wlanhcxcat

Hcx tools set-N

root@kali:~# wlanhcxcat -h
wlanhcxcat 6.0.2 (C) 2020 ZeroBeat
usage..: wlanhcxcat <options>
options:
-i <file> : input hccapx file
-w <file> : input wordlist, plainmasterkeylist oder mixed word-/plainmasterkeylist
          : wordlist input is very slow
-e        : input ESSID
-p        : input password
-P        : input plainmasterkey
-o <file> : output recovered network data
-h        : this help

input option matrix
-e and -p
-e and -P
-e and -w
-p
-P
-w


wlanhcxinfo

Hcx tools set-N

root@kali:~# wlanhcxinfo -h
wlanhcxinfo 6.0.2 (C) 2020 ZeroBeat
usage..: wlanhcxinfo <options>
example: wlanhcxinfo -i <hashfile> show general information about file

options:
-i <file> : input hccapx file
-j <file> : input john file (doesn't support all list options)
-o <file> : output info file (default stdout)
-a        : list access points
-A        : list anonce
-s        : list stations
-S        : list snonce
-M        : list key mic
-R        : list replay count
-w        : list wpa version
-P        : list key key number
-p        : list messagepair
-l        : list essid len
-e        : list essid
-h        : this help


wlanjohn2hcx

Hcx tools set-N

root@kali:~# wlanjohn2hcx -h
wlanjohn2hcx 6.0.2 (C) 2020 ZeroBeat
usage: wlanjohn2hcx <options> [input.john] [input.john] ...

options:
-o <file> : output hccapx file
-e <file> : output ESSID list


wlanpmk2hcx

Hcx tools set-N

root@kali:~# wlanpmk2hcx -h
wlanpmk2hcx 6.0.2 (C) 2020 ZeroBeat
usage: wlanpmk2hcx <options>

options:
-i <file>  : input combilist (pmk:essid)
-o <file>  : output hashcat hashfile (-m 12000)
-j <file>  : output john hashfile (pbkdf2-hmac-sha1)
-e <essid> : input single essid (networkname: 1 .. 32 characters)
-p <pmk>   : input plainmasterkey (64 xdigits)
-h         : this help


wlanwkp2hcx

Hcx tools set-N

root@kali:~# wlanwkp2hcx -h
wlanwkp2hcx 6.0.2 (C) 2020 ZeroBeat
usage: wlanwkp2hcx <options> [input.wkp] [input.wkp] ...
       wlanwkp2hcx <options> *.wkp

options:
-o <file> : output hccapx file
-e <file> : output essidlist


Updated on: 2021-Sep-16