
HCXPCAPTOOL(1) User Commands HCXPCAPTOOL(1)

NAME

hcxpcaptool - hcx tools set-N

DESCRIPTION

hcxpcaptool 6.0.2 (C) 2020 ZeroBeat

usage:
hcxpcaptool <options>
hcxpcaptool <options> [input.pcap] [input.pcap] ...
hcxpcaptool <options> *.cap
hcxpcaptool <options> *.*

options:
-o <file> : output hccapx file (hashcat -m 2500/2501)
-O <file> : output raw hccapx file (hashcat -m 2500/2501)

this will disable all(!) 802.11 validity checks
very slow!

-k <file> : output PMKID file (hashcat hashmode -m 16800 new format)
-K <file> : output raw PMKID file (hashcat hashmode -m 16801 new format)

this will disable usage of ESSIDs completely

-z <file> : output PMKID file (hashcat hashmode -m 16800 old format and john)
-Z <file> : output raw PMKID file (hashcat hashmode -m 16801 old format and john)

this will disable usage of ESSIDs completely

-j <file> : output john WPAPSK-PMK file (john wpapsk-opencl)
-J <file> : output raw john WPAPSK-PMK file (john wpapsk-opencl)

this will disable all(!) 802.11 validity checks
very slow!

-E <file> : output wordlist (autohex enabled) to use as input wordlist for cracker
-I <file> : output unsorted identity list
-U <file> : output unsorted username list
-M <file> : output unsorted IMSI number list
-P <file> : output possible WPA/WPA2 plainmasterkey list
-T <file> : output management traffic information list

format = mac_sta:mac_ap:essid

-X <file> : output client probelist

format: mac_sta:probed ESSID (autohex enabled)

-D <file> : output unsorted device information list

format = mac_device:device information string

-g <file> : output GPS file

format = GPX (accepted for example by Viking and GPSBabel)

-V : verbose (but slow) status output
-h : show this help
-v : show version

--filtermac=<mac> : filter output by MAC address

format: 112233445566

--ignore-fake-frames : do not convert fake frames
--ignore-zeroed-pmks : do not convert frames which use a zeroed plainmasterkey (PMK)
--ignore-replaycount : allow not replaycount checked best handshakes
--ignore-mac : do not check MAC addresses

this will allow to use ESSIDs from frames with damaged broadcast MAC address

--time-error-corrections=<digit> : maximum time gap between EAPOL frames - EAPOL TIMEOUT (default: 600s)
--nonce-error-corrections=<digit> : maximum replycount/nonce gap to be converted (default: 8)

convert handshakes up to a possible packetloss of 59 packets
hashcat nonce-error-corrections should be twice as much as hcxpcaptool value

--max-essid-changes=<digit> : allow maximum ESSID changes (default: 1 - no ESSID change is allowed)
--eapol-out=<file> : output EAPOL packets in hex

format = mac_ap:mac_sta:EAPOL

--netntlm-out=<file> : output netNTLMv1 file (hashcat -m 5500, john netntlm)
--md5-out=<file> : output MD5 challenge file (hashcat -m 4800)
--md5-john-out=<file> : output MD5 challenge file (john chap)
--tacacsplus-out=<file> : output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus)
--network-out=<file> : output network information

format = mac_ap:ESSID

--hexdump-out=<file> : output dump raw packets in hex
--hccap-out=<file> : output old hccap file (hashcat -m 2500)
--hccap-raw-out=<file> : output raw old hccap file (hashcat -m 2500)

very slow!

--nmea=<file> : save track to file

to convert it to gpx, use GPSBabel:
gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx
to display the track, open file.gpx with viking

--prefix-out=<file> : convert everything to lists using this prefix (overrides single options):

PMKID (-k) file.16800
netntlm (--netntlm-out) file.5500
md5 (--md5-out) file.4800
tacacsplus (--tacacsplus) file.16100
wordlist (-E) file.essidlist
identitylist (-I) file.identitylist
usernamelist (-U) file.userlist
imsilist (-M) file.imsilist
networklist (-network-out) file.networklist
trafficlist (-T) file.networklist
clientlist (-X) file.clientlist
deviceinfolist (-D) file.deviceinfolist

--help : show this help
--version : show version

bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections necessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary
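
An added example, not part of hcxpcaptool or its documentation: a Python reader that walks the records of an hccapx file written with -o/-O and decodes each message pair byte using the bit meanings listed above. The 393-byte version 4 record layout is an assumption taken from the hashcat wiki page linked above, and the sample records are constructed.

```python
import struct

# Assumption: hccapx version 4 record layout (393 bytes, little-endian) as
# documented on the hashcat wiki page linked above; it is not given on this page.
HCCAPX = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")

# Bits 4-7 of the message pair byte, wording from the help text above.
FLAGS = {4: "ap-less attack", 5: "LE router detected",
         6: "BE router detected", 7: "not replaycount checked"}

def decode_message_pair(mp):
    """Split the byte into MP info (bits 0-2), unused bit 3 and named flags."""
    if not 0 <= mp <= 0xFF:
        raise ValueError("message pair is a single byte")
    return {
        "mp_info": mp & 0x07,
        "bit3_set": bool(mp & 0x08),
        "flags": [name for bit, name in FLAGS.items() if mp & (1 << bit)],
    }

def read_hccapx(blob):
    """Return [(essid, mac_ap, decoded message pair)] for every record."""
    if not blob or len(blob) % HCCAPX.size:
        raise ValueError("size is not a multiple of %d bytes" % HCCAPX.size)
    out = []
    for off in range(0, len(blob), HCCAPX.size):
        rec = HCCAPX.unpack_from(blob, off)
        sig, _version, mp, essid_len, essid = rec[:5]
        if sig != b"HCPX" or essid_len > 32:
            raise ValueError("malformed record at offset %d" % off)
        out.append((essid[:essid_len].decode("utf-8", "replace"),
                    rec[7].hex(), decode_message_pair(mp)))
    return out

def make_record(essid, mp):
    """Constructed sample record: zeroed nonces, MIC and EAPOL, fixed AP MAC."""
    e = essid.encode()
    return HCCAPX.pack(b"HCPX", 4, mp, len(e), e, 2, bytes(16),
                       bytes.fromhex("112233445566"), bytes(32), bytes(6),
                       bytes(32), 0, bytes(256))

SAMPLE = make_record("lab-ap", 0x82) + make_record("lab-ap", 0x10)

if __name__ == "__main__":
    for essid, mac_ap, info in read_hccapx(SAMPLE):
        print(essid, mac_ap, info)
```
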

Do not edit, merge or convert pcapng files! This will remove optional comment fields! Do not use hcxpcaptool in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)! It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcaptool will understand this.

SEE ALSO

The full documentation for hcxpcaptool is maintained as a Texinfo manual. If the info and hcxpcaptool programs are properly installed at your site, the command

info hcxpcaptool

should give you access to the complete manual.

July 2020 hcxpcaptool 6.0.2 (C) 2020 ZeroBeat