Yes, you can do this using wlanhcx2ssid:
$ wlanhcx2ssid -h
wlanhcx2ssid 4.0.2 (C) 2018 ZeroBeat
usage: wlanhcx2ssid <options>
options:
-i <file> : input hccapx file
-p <path> : change directory for outputfiles
-a : output file by mac_ap's
-s : output file by mac_sta's
-o : output file by vendor's (oui)
-e : output file by essid's
-E <essid> : output file by part of essid name
-X <essid> : output file by essid name (exactly)
-x <digit> : output by essid len (1 <= 32)
-A <mac_ap> : output file by single mac_ap
-S <mac_sta> : output file by single mac_sta
-O <oui> : output file by single vendor (oui)
-V <name> : output file by single vendor name or part of vendor name
-L <mac_list> : input list containing mac_ap's (need -l)
: format of mac_ap's each line: 112233445566
-l <file> : output file (hccapx) by mac_list (need -L)
-w <file> : write only forced from clients to hccapx file
-W <file> : write only forced from access points to hccapx file
-r <file> : write only replaycount checked to hccapx file
-R <file> : write only not replaycount checked to hccapx file
-N <file> : output stripped file (only one record each mac_ap, mac_sta, essid, message_pair combination)
-n <file> : output stripped file (only one record each mac_sta, essid)
-g <file> : write only handshakes with pairwise key flag set
-G <file> : write only handshakes with groupkey flag set
-0 <file> : write only MESSAGE_PAIR_M12E2 to hccapx file
-1 <file> : write only MESSAGE_PAIR_M14E4 to hccapx file
-2 <file> : write only MESSAGE_PAIR_M32E2 to hccapx file
-3 <file> : write only MESSAGE_PAIR_M32E3 to hccapx file
-4 <file> : write only MESSAGE_PAIR_M34E3 to hccapx file
-5 <file> : write only MESSAGE_PAIR_M34E4 to hccapx file
-k <file> : write keyversion based on key information field (use only basename)
: output: basename.x.hccapx
: WPA1 RC4 Cipher, HMAC-MD5..... basename.1.hccapx
: WPA2 AES Cipher, HMAC-SHA1.... basename.2.hccapx
: WPA2 AES Cipher, AES-128-CMAC2 basename.3.hccapx
: all other are unknown
-F <file> : remove bad records and write only flawless records to hccapx file
-D <file> : remove duplicates from the same authentication sequence
: you must use nonce-error-corrections on that file!
-h : this help
for example:
$ hcxpcaptool -o test.hccapx 201801031743.cap
start reading from 201801031743.cap
summary:
--------
file name..............: 201801031743.cap
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 1785492
skippedpackets.........: 0
packets with FCS.......: 0
warning................: zero value timestamps detected
WDS packets............: 14
beacons................: 17182
probe requests.........: 8974
probe responses........: 25548
association requests...: 32142
reassociation requests.: 5299
EAPOL packets..........: 1693747
EAP packets............: 751
found..................: EAP type ID
found..................: EAP-SIM (GSM Subscriber Modules) Authentication
found..................: EAP-TTLS Authentication
found..................: PEAP Authentication
found..................: WPS Authentication
best handshakes........: 807 (ap-less: 387)
815 handshake(s) written to test.hccapx
wlanhcx2ssid -i test.hccapx -X Home
815 records read from test.hccapx
1 records written
$ ls
201801031743.cap Home.hccapx
Do not wonder why we have 807 best handshakes and 815 handshakes written to hccapx.
Reason is that there are networks inside the cap which changed the ESSID during capture time!
We do not want to loose them.
It is also possible the you have less raw handshakes than best handshakes.
That depends on how many re-authentication sequences are captured:
less re-authentications sequences = less raw handshakes
$ wlanhcx2ssid -h
wlanhcx2ssid 4.0.2 (C) 2018 ZeroBeat
usage: wlanhcx2ssid <options>
options:
-i <file> : input hccapx file
-p <path> : change directory for outputfiles
-a : output file by mac_ap's
-s : output file by mac_sta's
-o : output file by vendor's (oui)
-e : output file by essid's
-E <essid> : output file by part of essid name
-X <essid> : output file by essid name (exactly)
-x <digit> : output by essid len (1 <= 32)
-A <mac_ap> : output file by single mac_ap
-S <mac_sta> : output file by single mac_sta
-O <oui> : output file by single vendor (oui)
-V <name> : output file by single vendor name or part of vendor name
-L <mac_list> : input list containing mac_ap's (need -l)
: format of mac_ap's each line: 112233445566
-l <file> : output file (hccapx) by mac_list (need -L)
-w <file> : write only forced from clients to hccapx file
-W <file> : write only forced from access points to hccapx file
-r <file> : write only replaycount checked to hccapx file
-R <file> : write only not replaycount checked to hccapx file
-N <file> : output stripped file (only one record each mac_ap, mac_sta, essid, message_pair combination)
-n <file> : output stripped file (only one record each mac_sta, essid)
-g <file> : write only handshakes with pairwise key flag set
-G <file> : write only handshakes with groupkey flag set
-0 <file> : write only MESSAGE_PAIR_M12E2 to hccapx file
-1 <file> : write only MESSAGE_PAIR_M14E4 to hccapx file
-2 <file> : write only MESSAGE_PAIR_M32E2 to hccapx file
-3 <file> : write only MESSAGE_PAIR_M32E3 to hccapx file
-4 <file> : write only MESSAGE_PAIR_M34E3 to hccapx file
-5 <file> : write only MESSAGE_PAIR_M34E4 to hccapx file
-k <file> : write keyversion based on key information field (use only basename)
: output: basename.x.hccapx
: WPA1 RC4 Cipher, HMAC-MD5..... basename.1.hccapx
: WPA2 AES Cipher, HMAC-SHA1.... basename.2.hccapx
: WPA2 AES Cipher, AES-128-CMAC2 basename.3.hccapx
: all other are unknown
-F <file> : remove bad records and write only flawless records to hccapx file
-D <file> : remove duplicates from the same authentication sequence
: you must use nonce-error-corrections on that file!
-h : this help
for example:
$ hcxpcaptool -o test.hccapx 201801031743.cap
start reading from 201801031743.cap
summary:
--------
file name..............: 201801031743.cap
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 1785492
skippedpackets.........: 0
packets with FCS.......: 0
warning................: zero value timestamps detected
WDS packets............: 14
beacons................: 17182
probe requests.........: 8974
probe responses........: 25548
association requests...: 32142
reassociation requests.: 5299
EAPOL packets..........: 1693747
EAP packets............: 751
found..................: EAP type ID
found..................: EAP-SIM (GSM Subscriber Modules) Authentication
found..................: EAP-TTLS Authentication
found..................: PEAP Authentication
found..................: WPS Authentication
best handshakes........: 807 (ap-less: 387)
815 handshake(s) written to test.hccapx
wlanhcx2ssid -i test.hccapx -X Home
815 records read from test.hccapx
1 records written
$ ls
201801031743.cap Home.hccapx
Do not wonder why we have 807 best handshakes and 815 handshakes written to hccapx.
Reason is that there are networks inside the cap which changed the ESSID during capture time!
We do not want to loose them.
It is also possible the you have less raw handshakes than best handshakes.
That depends on how many re-authentication sequences are captured:
less re-authentications sequences = less raw handshakes