06-23-2017, 04:24 PM
Small set of tools to capture and convert packets from wlan devices, designed for use with the latest hashcat:
wlandump-ng (Small, fast and powerful deauthentication/authentication/response tool)
wlanresponse (Extremely fast deauthentication/authentication/response tool (unattended use on Raspberry Pis))
wlanrcascan (Small, fast and simple passive WLAN channel assignment scanner (status output))
wlancapinfo (Shows info of pcap file)
wlancap2hcx (Converts cap to hccapx and other formats (recommended for use with wlandump-ng and wlanresponse))
wlanhcx2cap (Converts hccapx to cap)
wlanhc2hcx (Converts hccap to hccapx)
wlanhcx2essid (Merges hccapx containing the same ESSID)
wlanhcx2ssid (Strips BSSID, ESSID, OUI)
wlanhcx2john (Converts hccapx to format expected by John the Ripper)
wlanhcxinfo (Shows detailed info from contents of hccapx file)
wlanhcxmnc (Manually do nonce correction on byte number xx of a nonce)
wlancap2wpasec (Upload multiple caps to http://wpa-sec.stanev.org)
whoismac (Show vendor information)
pwhash (Generate hash of a word by using a given charset)
pioff (Turns Raspberry Pi off via GPIO switch - hardware mods required)
Some of the features:
wlandump-ng/wlanresponse are able to prevent complete wlan traffic
wlandump-ng/wlanresponse are able to capture handshakes from not connected clients
wlandump-ng/wlanresponse are able to capture handshakes from 5GHz clients on 2.4GHz
wlandump-ng/wlanresponse are able to capture extended EAPOL (WPA Enterprise, WPS)
wlandump-ng/wlanresponse are able to capture passwords from the wlan traffic
wlancap2hcx is able to strip WPA Enterprise to use with hashcat (-m 4800, -m 5500)
Take a look at the help of each tool (-h)
The tools are part of the penetration-distros BlackArch and The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali);
or get latest version from here:
https://github.com/ZerBea/hcxtools
ZerBea