The latest articles on DEV Community by Userbot (@tfmbot). https://dev.to/tfmbot https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3382806%2F940620bc-1d45-4a4b-8c0b-40ff7fbd7d6c.png https://dev.to/tfmbot en Userbot Wed, 23 Jul 2025 19:56:12 +0000 https://dev.to/tfmbot/hcxdupcap-real-time-wpa-handshake-capture-cracking-toolkit-3ogg https://dev.to/tfmbot/hcxdupcap-real-time-wpa-handshake-capture-cracking-toolkit-3ogg <p>🔗 <strong>GitHub Repository</strong>: <a href="https://github.com/tfmbot/hcxdupcap" rel="noopener noreferrer">tfmbot/hcxdupcap</a></p> <h2> 🔍 What This Tool Does </h2> <p>This Python-based script automates the full cycle of capturing WPA/WPA2 handshakes, extracting them, and optionally cracking them using hashcat. It's built for Wi-Fi security auditing and wraps around powerful existing tools.</p> <h2> ⚙️ Workflow Summary </h2> <ol> <li> <p><strong>Capture WPA Handshakes</strong></p> <ul> <li>Uses <code>hcxdumptool</code> to capture raw Wi-Fi traffic (<code>.pcapng</code>) from a selected wireless interface.</li> </ul> </li> <li> <p><strong>Monitor <code>.pcapng</code> in Real Time</strong></p> <ul> <li>A watchdog process monitors the output file for changes.</li> <li>When updated, it automatically runs <code>hcxpcapngtool</code> to extract WPA hashes.</li> </ul> </li> <li> <p><strong>Parse and Log Handshakes</strong></p> <ul> <li>Extracted hashes are: <ul> <li>Saved to <code>hash.hc22000</code> (for use with hashcat)</li> <li>Logged with SSID info to <code>SsidHash.txt</code> </li> </ul> </li> <li>Duplicate hashes are skipped using a set of known hashes in memory.</li> </ul> </li> <li> <p><strong>Check and Install Dependencies</strong></p> <ul> <li>Automatically checks for required tools: <code>hcxdumptool</code>, <code>hcxpcapngtool</code>, <code>hashcat</code>.</li> <li>Installs missing ones using <code>apt</code>.</li> </ul> </li> <li> <p><strong>Start Monitor Mode Automatically</strong></p> <ul> <li>Stops <code>NetworkManager</code> and <code>wpa_supplicant</code> before capture.</li> <li>Restarts them safely after capture ends.</li> </ul> </li> <li> <p><strong>Crack Captured WPA Hashes (Optional)</strong></p> <ul> <li>Offers to crack captured handshakes using <code>hashcat</code> and the <code>rockyou.txt</code> wordlist.</li> <li>Attempts to find <code>rockyou.txt</code> or prompts to download it if not found.</li> </ul> </li> </ol> <h2> 🧠 Example Workflow </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>python3 hcxdupcap.py <span class="nt">-i</span> wlan0 <span class="nt">-w</span> mycapture.pcapng </code></pre> </div> <ul> <li>Replace <code>wlan0</code> with your Wi-Fi interface in monitor mode.</li> <li>Default output is <code>capture.pcapng</code>.</li> </ul> <h2> 📁 Output Files </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>File</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>capture.pcapng</code></td> <td>Raw capture from <code>hcxdumptool</code> </td> </tr> <tr> <td><code>hash.hc22000</code></td> <td>Extracted WPA hashes for hashcat</td> </tr> <tr> <td><code>SsidHash.txt</code></td> <td>Readable log of hashes + SSIDs</td> </tr> <tr> <td><code>passwordcracked.txt</code></td> <td>Output of cracked passwords</td> </tr> </tbody> </table></div> <p>Use responsibly. 🔐</p> linux ubuntu programming wifi