This content originally appeared on DEV Community and was authored by Userbot
GitHub Repository: tfmbot/hcxdupcap
What This Tool Does
This Python-based script automates the full cycle of capturing WPA/WPA2 handshakes, extracting them, and optionally cracking them using hashcat. It’s built for Wi-Fi security auditing and wraps around powerful existing tools.
Workflow Summary
-
Capture WPA Handshakes
- Uses
hcxdumptoolto capture raw Wi-Fi traffic (.pcapng) from a selected wireless interface.
- Uses
-
Monitor
.pcapngin Real Time- A watchdog process monitors the output file for changes.
- When updated, it automatically runs
hcxpcapngtoolto extract WPA hashes.
-
Parse and Log Handshakes
- Extracted hashes are:
- Saved to
hash.hc22000(for use with hashcat) - Logged with SSID info to
SsidHash.txt
- Saved to
- Duplicate hashes are skipped using a set of known hashes in memory.
- Extracted hashes are:
-
Check and Install Dependencies
- Automatically checks for required tools:
hcxdumptool,hcxpcapngtool,hashcat. - Installs missing ones using
apt.
- Automatically checks for required tools:
-
Start Monitor Mode Automatically
- Stops
NetworkManagerandwpa_supplicantbefore capture. - Restarts them safely after capture ends.
- Stops
-
Crack Captured WPA Hashes (Optional)
- Offers to crack captured handshakes using
hashcatand therockyou.txtwordlist. - Attempts to find
rockyou.txtor prompts to download it if not found.
- Offers to crack captured handshakes using
Example Workflow
sudo python3 hcxdupcap.py -i wlan0 -w mycapture.pcapng
- Replace
wlan0with your Wi-Fi interface in monitor mode. - Default output is
capture.pcapng.
Output Files
| File | Description |
|---|---|
capture.pcapng |
Raw capture from hcxdumptool
|
hash.hc22000 |
Extracted WPA hashes for hashcat |
SsidHash.txt |
Readable log of hashes + SSIDs |
passwordcracked.txt |
Output of cracked passwords |
Use responsibly. 
This content originally appeared on DEV Community and was authored by Userbot