.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.16. .TH HCXPCAPTOOL "1" "July 2020" "hcxpcaptool 6.0.2 (C) 2020 ZeroBeat" "User Commands" .SH NAME hcxpcaptool \- hcx tools set-N .SH DESCRIPTION hcxpcaptool 6.0.2 (C) 2020 ZeroBeat usage: hcxpcaptool hcxpcaptool [input.pcap] [input.pcap] ... hcxpcaptool *.cap hcxpcaptool *.* .PP options: \fB\-o\fR : output hccapx file (hashcat \fB\-m\fR 2500/2501) \fB\-O\fR : output raw hccapx file (hashcat \fB\-m\fR 2500/2501) .IP this will disable all(!) 802.11 validity checks very slow! .PP \fB\-k\fR : output PMKID file (hashcat hashmode \fB\-m\fR 16800 new format) \fB\-K\fR : output raw PMKID file (hashcat hashmode \fB\-m\fR 16801 new format) .IP this will disable usage of ESSIDs completely .PP \fB\-z\fR : output PMKID file (hashcat hashmode \fB\-m\fR 16800 old format and john) \fB\-Z\fR : output raw PMKID file (hashcat hashmode \fB\-m\fR 16801 old format and john) .IP this will disable usage of ESSIDs completely .PP \fB\-j\fR : output john WPAPSK\-PMK file (john wpapsk\-opencl) \fB\-J\fR : output raw john WPAPSK\-PMK file (john wpapsk\-opencl) .IP this will disable all(!) 802.11 validity checks very slow! .PP \fB\-E\fR : output wordlist (autohex enabled) to use as input wordlist for cracker \fB\-I\fR : output unsorted identity list \fB\-U\fR : output unsorted username list \fB\-M\fR : output unsorted IMSI number list \fB\-P\fR : output possible WPA/WPA2 plainmasterkey list \fB\-T\fR : output management traffic information list .IP format = mac_sta:mac_ap:essid .PP \fB\-X\fR : output client probelist .IP format: mac_sta:probed ESSID (autohex enabled) .PP \fB\-D\fR : output unsorted device information list .IP format = mac_device:device information string .PP \fB\-g\fR : output GPS file .IP format = GPX (accepted for example by Viking and GPSBabel) .PP \fB\-V\fR : verbose (but slow) status output \fB\-h\fR : show this help \fB\-v\fR : show version .PP \fB\-\-filtermac=\fR : filter output by MAC address .IP format: 112233445566 .PP \fB\-\-ignore\-fake\-frames\fR : do not convert fake frames \fB\-\-ignore\-zeroed\-pmks\fR : do not convert frames which use a zeroed plainmasterkey (PMK) \fB\-\-ignore\-replaycount\fR : allow not replaycount checked best handshakes \fB\-\-ignore\-mac\fR : do not check MAC addresses .IP this will allow to use ESSIDs from frames with damaged broadcast MAC address .PP \fB\-\-time\-error\-corrections=\fR : maximum time gap between EAPOL frames \- EAPOL TIMEOUT (default: 600s) \fB\-\-nonce\-error\-corrections=\fR : maximum replycount/nonce gap to be converted (default: 8) .TP example: \fB\-\-nonce\-error\-corrections\fR=\fI\,60\/\fR convert handshakes up to a possible packetloss of 59 packets hashcat nonce\-error\-corrections should be twice as much as hcxpcaptool value .PP \fB\-\-max\-essid\-changes=\fR : allow maximum ESSID changes (default: 1 \- no ESSID change is allowed) \fB\-\-eapol\-out=\fR : output EAPOL packets in hex .IP format = mac_ap:mac_sta:EAPOL .PP \fB\-\-netntlm\-out=\fR : output netNTLMv1 file (hashcat \fB\-m\fR 5500, john netntlm) \fB\-\-md5\-out=\fR : output MD5 challenge file (hashcat \fB\-m\fR 4800) \fB\-\-md5\-john\-out=\fR : output MD5 challenge file (john chap) \fB\-\-tacacsplus\-out=\fR : output TACACS+ authentication file (hashcat \fB\-m\fR 16100, john tacacs\-plus) \fB\-\-network\-out=\fR : output network information .IP format = mac_ap:ESSID .PP \fB\-\-hexdump\-out=\fR : output dump raw packets in hex \fB\-\-hccap\-out=\fR : output old hccap file (hashcat \fB\-m\fR 2500) \fB\-\-hccap\-raw\-out=\fR : output raw old hccap file (hashcat \fB\-m\fR 2500) .TP this will disable all(!) 802.11 validity checks very slow! .PP \fB\-\-nmea=\fR : save track to file .TP format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL to convert it to gpx, use GPSBabel: gpsbabel \fB\-i\fR nmea \fB\-f\fR hcxdumptool.nmea \fB\-o\fR gpx \fB\-F\fR file.gpx to display the track, open file.gpx with viking .SS "--prefix-out= : convert everything to lists using this prefix (overrides single options):" .TP hccapx (\fB\-o\fR) file.hccapx PMKID (\fB\-k\fR) file.16800 netntlm (\fB\-\-netntlm\-out\fR) file.5500 md5 (\fB\-\-md5\-out\fR) file.4800 tacacsplus (\fB\-\-tacacsplus\fR) file.16100 wordlist (\fB\-E\fR) file.essidlist identitylist (\fB\-I\fR) file.identitylist usernamelist (\fB\-U\fR) file.userlist imsilist (\fB\-M\fR) file.imsilist networklist (\fB\-network\-out\fR) file.networklist trafficlist (\fB\-T\fR) file.networklist clientlist (\fB\-X\fR) file.clientlist deviceinfolist (\fB\-D\fR) file.deviceinfolist .PP \fB\-\-help\fR : show this help \fB\-\-version\fR : show version .PP bitmask for message pair field: 0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 3: x (unused) 4: ap\-less attack (set to 1) \- no nonce\-error\-corrections necessary 5: LE router detected (set to 1) \- nonce\-error\-corrections only for LE necessary 6: BE router detected (set to 1) \- nonce\-error\-corrections only for BE necessary 7: not replaycount checked (set to 1) \- replaycount not checked, nonce\-error\-corrections definitely necessary .PP Do not edit, merge or convert pcapng files! This will remove optional comment fields! Do not use hcxpcaptool in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)! It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcaptool will understand this. .SH "SEE ALSO" The full documentation for .B hcxpcaptool is maintained as a Texinfo manual. If the .B info and .B hcxpcaptool programs are properly installed at your site, the command .IP .B info hcxpcaptool .PP should give you access to the complete manual.