hcxdupcap: Real-Time WPA Handshake Capture & Cracking Toolkit

🔗 GitHub Repository: tfmbot/hcxdupcap

🔍 What This Tool Does

This Python-based script automates the full cycle of capturing WPA/WPA2 handshakes, extracting them, and optionally cracking them using hashcat. It's built for Wi-Fi security auditing and wraps around powerful existing tools.

---

⚙️ Workflow Summary

1. Capture WPA Handshakes

   • Uses hcxdumptool to capture raw Wi-Fi traffic (.pcapng) from a selected wireless interface.

2. Monitor .pcapng in Real Time

   • A watchdog process monitors the output file for changes.
   • When updated, it automatically runs hcxpcapngtool to extract WPA hashes.

3. Parse and Log Handshakes

   • Extracted hashes are:
     • Saved to hash.hc22000 (for use with hashcat)
     • Logged with SSID info to SsidHash.txt
   • Duplicate hashes are skipped using a set of known hashes in memory.

4. Check and Install Dependencies

   • Automatically checks for required tools: hcxdumptool, hcxpcapngtool, hashcat.
   • Installs missing ones using apt.

5. Start Monitor Mode Automatically

   • Stops NetworkManager and wpa_supplicant before capture.
   • Restarts them safely after capture ends.

6. Crack Captured WPA Hashes (Optional)

   • Offers to crack captured handshakes using hashcat and the rockyou.txt wordlist.
   • Attempts to find rockyou.txt or prompts to download it if not found.

---

🧠 Example Workflow

sudo python3 hcxdupcap.py -i wlan0 -w mycapture.pcapng

• Replace wlan0 with your Wi-Fi interface in monitor mode.
• Default output is capture.pcapng.

---

📁 Output Files

File	Description
capture.pcapng	Raw capture from hcxdumptool
hash.hc22000	Extracted WPA hashes for hashcat
SsidHash.txt	Readable log of hashes + SSIDs
passwordcracked.txt	Output of cracked passwords

---

Use responsibly. 🔐