hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Well, K*A*L*I isn't a distribution, which is easy to use. Why do I tell this first? Because of this error message:
"could not create dumpfile Dump/wifidump_2020_01_08.pcapng"

You simply haven't write permission to save the dumpfile.

By latest commit, I changed the warning to:
"hcxdumptool need full (monitor mode and full packet injection running all packet types) and exclusive access to the as well as write permission for the dumpfile"

This is an example of a script if hcxdumptool can't set monitor mode (e.g. on RTL8188, rtl8812 drivers, which require NETLINK):

Code:
#!/bin/sh
if test -z "$1"
then
for IFACE in `ls -1 /sys/class/net | grep ^wl`
do
printf "$IFACE "
cat /sys/class/net/$IFACE/address
done
printf "\nbitte WLAN-Adapter eingeben: "
read WLANDEV

else
WLANDEV=$1
fi

echo "deaktiviere Monitor für $WLANDEV"
sudo ip link set $WLANDEV down
sudo iw dev $WLANDEV set type managed
sudo ip link set $WLANDEV up
sudo iw dev $WLANDEV info

echo "aktiviere NetworkManager"
sudo systemctl start NetworkManager.service
sudo systemctl start wpa_supplicant.service



"With the new hcxpcapngtool will you be adding the option to allow the user to define mac_ap or mac_station of the target they wish to output as a hccap a bit like the options in wlanhcx2ssid?"

new hcxhashtool is designed to filter hashfiles by user options:

Code:
$ hcxhashtool -h
hcxhashtool 5.3.0 (C) 2019 ZeroBeat
usage:
hcxhashtool <options>
options:
-i <file>  : input PMKID/EAPOL hash file
-o <file>  : output PMKID/EAPOL hash file
-E <file>  : output ESSID list (autohex enabled)
-d          : download http://standards-oui.ieee.org/oui.txt
            : and save to ~/.hcxtools/oui.txt
            : internet connection required
-h          : show this help
-v          : show version
--type                      : filter by hash type
                            : default PMKID (1) and EAPOL (2)
--essid-group                : convert to ESSID groups
                              full advantage of reuse of PBKDF2
--essid-len                  : filter by ESSID length
                            : default ESSID length: 0...32
--essid-min                  : filter by ESSID minimum length
                            : default ESSID minimum length: 0
--essid-max                  : filter by ESSID maximum length
                            : default ESSID maximum length: 32
--essid=<ESSID>              : filter by ESSID
--essid_part=<part of ESSID> : filter by part of ESSID
--mac=<MAC>                  : filter by MAC
                            : format: 001122334455 (hex)
--oui-ap                    : filter AP by OUI
                            : format: 001122 (hex)
--oui-client                : filter CLIENT by OUI
                            : format: 001122 (hex)
--vendor=<VENDOR>            : filter by (part of) VENDOR name
--info=<file>                : output detailed information about content of hash file
--info=stdout                : stdout output detailed information about content of hash file
--vendorlist                : stdout output VENDOR list sorted by OUI
--psk=<PSK>                  : pre-shared key to test
                            : due to PBKDF2 calculation this is a very slow process
                            : no nonce error corrections
--pmk=<PMK>                  : plain master key to test
                            : no nonce error corrections
--help                      : show this help
--version                    : show version


Today I'll add filtering by message pair, replaycount check, and AP-LESS, too. I will not add this to hcxpcapngtool.

The Linux philosophy (an mine, too) is:
Write programs that do one thing and do it well.
Write programs to work together.
https://en.wikipedia.org/wiki/Unix_philosophy

hcxdumptool -> WiFi part (fast without additional stuff, able to run headless)
hcxpcapngtool -> conversion (fast, without additional filtering stuff, able to run headless)
hcxhashtool -> provide filter / info about content of hashfile / pre-processor for hashcat/JtR
hcxpsktool -> provide information based on MAC and ESSID
wlancap2wpasec -> upload to data base
hcxwltool -> provide word list functions which other tools don't provide

All other hcxtools are deprecated and I'm going to remove them, soon (in sync with hashcat and JtR, when they drop old format).

Supporting and maintaining this ancient formats (hccap, hccapx, JtR old) is an is an immense effort.
Please take a look at the latest commit here:
https://github.com/ZerBea/hcxtools/commi...9010c557cc
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 01-08-2020, 10:01 AM