hcxdumptool

A tool to capture packets from WLAN devices and to discover potential weak points within own WiFi networks by running layer 2 attacks against the WPA protocol.

Designed to run (mostly headless) on small systems like a Raspberry Pi Zero.

General Information

What Doesn't hcxdumptool Do?

Unsupported: Windows OS, macOS, Android, emulators or wrappers!

[!NOTE]

hcxdumptool does not perform conversion or cracking! It is designed to be used in conjunction with the following tools:

| Tool | Description |
| --- | --- |
| hcxpcapngtool | Tool to convert raw PCAPNG files to Hashcat and JtR readable formats. (hcxtools) |
| hcxhashtool | Tool to filter hashes from HC22000 files based on user input. (hcxtools) |
| hcxpsktool | Tool to get weak PSK candidates from HC22000 files. (hcxtools) |
| hcxeiutool | Tool to calculate wordlists based off ESSIDs gathered. (hcxtools) |
| Hashcat/JtR | Third party tools used to infer PSK from HC22000 hash files. |

hcxtools can be found here. Hashcat can be found here.

Work Flow

hcxdumptool -> hcxpcapngtool -> hcxhashtool (additional hcxpsktool/hcxeiutool) -> Hashcat or JtR
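To show what the HC22000 stage of this workflow carries, here is an added example (not code from hcxtools or this project) that summarises an HC22000 file per access point, so you can see which of your own APs yielded PMKID or EAPOL hash lines. It assumes the publicly documented hash mode 22000 line layout; the function names and the sample lines are constructed for illustration.

```python
"""Summarise an HC22000 file per access point (added example, not hcxtools code)."""
from collections import defaultdict

# Hash-line types in the 22000 format: 01 = PMKID, 02 = EAPOL (4-way handshake).
TYPES = {"01": "PMKID", "02": "EAPOL"}

def parse_line(line):
    """Return a dict for one WPA*... line, or None if it is malformed."""
    f = line.strip().split("*")
    # WPA*TYPE*PMKID_or_MIC*MAC_AP*MAC_CLIENT*ESSID*ANONCE*EAPOL*MESSAGEPAIR
    if len(f) != 9 or f[0] != "WPA" or f[1] not in TYPES:
        return None
    try:
        for mac in (f[3], f[4]):
            if len(bytes.fromhex(mac)) != 6:
                return None
        # The ESSID is hex-encoded and may contain arbitrary bytes.
        essid = bytes.fromhex(f[5]).decode("utf-8", errors="replace")
    except ValueError:
        return None
    return {"type": TYPES[f[1]], "ap": f[3].lower(), "client": f[4].lower(), "essid": essid}

def summarise(lines):
    """Map AP MAC -> {'essid', 'PMKID' count, 'EAPOL' count, 'clients' set}."""
    report = defaultdict(lambda: {"essid": "", "PMKID": 0, "EAPOL": 0, "clients": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip anything that is not a well-formed hash line
        entry = report[rec["ap"]]
        entry["essid"] = rec["essid"]
        entry[rec["type"]] += 1
        entry["clients"].add(rec["client"])
    return dict(report)

# Constructed sample lines (hash material is dummy hex, not from a real capture).
SAMPLE = [
    "WPA*01*" + "aa" * 16 + "*020000000001*020000000101*" + b"lab-ap".hex() + "***01",
    "WPA*02*" + "bb" * 16 + "*020000000001*020000000102*" + b"lab-ap".hex()
    + "*" + "cc" * 32 + "*" + "dd" * 121 + "*02",
    "not a hash line",
]

if __name__ == "__main__":
    for ap, e in summarise(SAMPLE).items():
        print(ap, e["essid"], "PMKID:", e["PMKID"], "EAPOL:", e["EAPOL"],
              "clients:", len(e["clients"]))
```
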

Requirements

Install Guide

[!IMPORTANT]

While hcxdumptool and hcxtools are available through the package manager on most distributions, these packages are usually very old and outdated, thus cloning and building is recommended.

Make sure that your distribution is updated to its latest version and make sure that all header files and dependencies have been installed BEFORE attempting to compile!

The packages mentioned in the "Requirements" section sometimes come under different names in a package manager! Make sure to install the correct packages!

Clone Repository

git clone https://github.com/ZerBea/hcxdumptool.git
cd hcxdumptool

Compile & Install

Compiling:

make -j $(nproc)

Installing to /usr/bin:

make install (as super user)

Or installing to /usr/local/bin:

make install PREFIX=/usr/local (as super user)

[!TIP]

On headless operation, remove -DSTATUSOUT from the Makefile before compiling! That way, the status display will not be compiled. This will save CPU cycles and prevent ERRORs from occurring.

It is theoretically possible to compile hcxdumptool for other systems (e.g. Android), other distributions (e.g. KALI) and other operating systems (BSD) as well. There is no plan to support these operating systems and feature requests will be rejected.

Adapters

[!WARNING]

[!NOTE]

Manufacturers do change chipsets without changing model numbers. Sometimes they add a (v)ersion or (rev)ision.

Preferred chipsets come from MediaTek due to active monitor mode being very reliable. (Important notice: Massive problems with MT76 USB 3.0 devices if connected to some USB 3.0 ports!)

Always verify the actual chipset with 'lsusb' and/or 'lspci'!

No support for a third party driver which is not part of the official Linux kernel (https://www.kernel.org/). Report related issues to the site from which you downloaded the driver.

No support for a driver which doesn't support monitor mode and full frame injection natively. If you need these features, file a request at www.kernel.org

Some device and driver tests can be found here. Dependent on the version of the Linux kernel, expect massive driver issues.

Known as working WiFi chipsets:

Not recommended WiFi chipsets:

More information about possible issues or limitations can be found here.

Antennas

The best high frequency amplifier is a good antenna!

It is much better to achieve gain using a good antenna instead of increasing transmission power.

| VENDOR MODEL | TYPE |
| --- | --- |
| LOGILINK WL0097 | Grid Parabolic |
| TP-LINK TL-ANT2414 A/B | Panel |
| LevelOne WAN-1112 | Panel |
| DELOCK 88806 | Panel |
| TP-LINK TL-ANT2409 A | Panel |

GPS devices (NMEA 0183 protocol)

| VENDOR MODEL | TYPE |
| --- | --- |
| NAVILOCK NL-701US | USB |
| JENTRO BT-GPS-8 activepilot | BLUETOOTH |
| HiLetgo VK172 | USB |

Useful Scripts

| Script | Description |
| --- | --- |
| stopnm | Example script to start NetworkManager |
| startnm | Example script to stop NetworkManager |
| startnlmon | Example script to activate NETLINK monitor |

Caution!

You might expect me to recommend that everyone should be using hcxdumptool/hcxtools. But the fact of the matter is, hcxdumptool/hcxtools is NOT recommended to be used by inexperienced users or newbies.

If you are not familiar with Linux in general or you do not have at least a basic level of knowledge as mentioned in the "Requirements" section, hcxdumptool/hcxtools is probably not what you are looking for. However, if you have that knowledge hcxdumptool/hcxtools can do magic for you.

Misuse of hcxdumptool within a network, particularly without authorization, may cause irreparable damage and result in significant consequences. “Not understanding what you were doing” is not going to work as an excuse.

The entire toolkit (hcxdumptool and hcxtools) is designed to be an analysis toolkit.

hcxdumptool should only be used in a 100% controlled environment!

If you can't control the environment, it is absolutely mandatory to set the BPF!

The BPF can be used to select a target (or multiple targets) or to protect devices.

By default, hcxdumptool is utilizing three attack vectors:

[!WARNING]

You may only use hcxdumptool on networks that you have permission to attack, because:

Do Not:

Useful Links