Provided by: hcxtools_6.0.2-1_amd64 
NAME
hcxpcaptool - hcx tools set-N
DESCRIPTION
hcxpcaptool 6.0.2 (C) 2020 ZeroBeat usage: hcxpcaptool <options> hcxpcaptool <options>
[input.pcap] [input.pcap] ... hcxpcaptool <options> *.cap hcxpcaptool <options> *.*
options: -o <file> : output hccapx file (hashcat -m 2500/2501) -O <file> : output raw
hccapx file (hashcat -m 2500/2501)
this will disable all(!) 802.11 validity checks very slow!
-k <file> : output PMKID file (hashcat hashmode -m 16800 new format) -K <file> : output
raw PMKID file (hashcat hashmode -m 16801 new format)
this will disable usage of ESSIDs completely
-z <file> : output PMKID file (hashcat hashmode -m 16800 old format and john) -Z <file> :
output raw PMKID file (hashcat hashmode -m 16801 old format and john)
this will disable usage of ESSIDs completely
-j <file> : output john WPAPSK-PMK file (john wpapsk-opencl) -J <file> : output raw john
WPAPSK-PMK file (john wpapsk-opencl)
this will disable all(!) 802.11 validity checks very slow!
-E <file> : output wordlist (autohex enabled) to use as input wordlist for cracker -I
<file> : output unsorted identity list -U <file> : output unsorted username list -M <file>
: output unsorted IMSI number list -P <file> : output possible WPA/WPA2 plainmasterkey
list -T <file> : output management traffic information list
format = mac_sta:mac_ap:essid
-X <file> : output client probelist
format: mac_sta:probed ESSID (autohex enabled)
-D <file> : output unsorted device information list
format = mac_device:device information string
-g <file> : output GPS file
format = GPX (accepted for example by Viking and GPSBabel)
-V : verbose (but slow) status output -h : show this help -v : show
version
--filtermac=<mac> : filter output by MAC address
format: 112233445566
--ignore-fake-frames : do not convert fake frames --ignore-zeroed-pmks
: do not convert frames which use a zeroed plainmasterkey (PMK) --ignore-replaycount
: allow not replaycount checked best handshakes --ignore-mac : do not
check MAC addresses
this will allow to use ESSIDs from frames with damaged broadcast MAC address
--time-error-corrections=<digit> : maximum time gap between EAPOL frames - EAPOL TIMEOUT
(default: 600s) --nonce-error-corrections=<digit> : maximum replycount/nonce gap to be
converted (default: 8)
example: --nonce-error-corrections=60
convert handshakes up to a possible packetloss of 59 packets hashcat
nonce-error-corrections should be twice as much as hcxpcaptool value
--max-essid-changes=<digit> : allow maximum ESSID changes (default: 1 - no ESSID
change is allowed) --eapol-out=<file> : output EAPOL packets in hex
format = mac_ap:mac_sta:EAPOL
--netntlm-out=<file> : output netNTLMv1 file (hashcat -m 5500, john netntlm)
--md5-out=<file> : output MD5 challenge file (hashcat -m 4800)
--md5-john-out=<file> : output MD5 challenge file (john chap)
--tacacsplus-out=<file> : output TACACS+ authentication file (hashcat -m 16100,
john tacacs-plus) --network-out=<file> : output network information
format = mac_ap:ESSID
--hexdump-out=<file> : output dump raw packets in hex --hccap-out=<file>
: output old hccap file (hashcat -m 2500) --hccap-raw-out=<file> : output raw
old hccap file (hashcat -m 2500)
this will disable all(!) 802.11 validity checks
very slow!
--nmea=<file> : save track to file
format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
to convert it to gpx, use GPSBabel: gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F
file.gpx to display the track, open file.gpx with viking
--prefix-out=<file> : convert everything to lists using this prefix (overrides
single options):
hccapx (-o) file.hccapx
PMKID (-k) file.16800 netntlm (--netntlm-out) file.5500 md5 (--md5-out) file.4800
tacacsplus (--tacacsplus) file.16100 wordlist (-E) file.essidlist identitylist (-I)
file.identitylist usernamelist (-U) file.userlist imsilist (-M) file.imsilist
networklist (-network-out) file.networklist trafficlist (-T) file.networklist
clientlist (-X) file.clientlist deviceinfolist (-D) file.deviceinfolist
--help : show this help --version :
show version
bitmask for message pair field: 0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 2: MP info
(https://hashcat.net/wiki/doku.php?id=hccapx) 3: x (unused) 4: ap-less attack (set to 1) -
no nonce-error-corrections necessary 5: LE router detected (set to 1) -
nonce-error-corrections only for LE necessary 6: BE router detected (set to 1) -
nonce-error-corrections only for BE necessary 7: not replaycount checked (set to 1) -
replaycount not checked, nonce-error-corrections definitely necessary
Do not edit, merge or convert pcapng files! This will remove optional comment fields! Do
not use hcxpcaptool in combination with third party cap/pcap/pcapng cleaning tools
(except: tshark and/or Wireshark)! It is much better to run gzip to compress the files.
Wireshark, tshark and hcxpcaptool will understand this.
SEE ALSO
The full documentation for hcxpcaptool is maintained as a Texinfo manual. If the info and
hcxpcaptool programs are properly installed at your site, the command
info hcxpcaptool
should give you access to the complete manual.