Hashcatch: Capture Handshakes of Nearby WiFi

Last Release: 09/21/2019     Last Commit: 03/21/2020

Hashcatch: Capture Handshakes of Nearby WiFi

Introduction

Hashcatch is a powerful bash tool that has the ability to automate Wi-Fi hacking processes. This tool can deauthenticate all the clients that are connected to nearby Wi-Fi networks and can further attempt to capture the handshakes. Hashcatch can run on just about any device that is Linux based. including Nethunter and Raspberry Pi devices.

Hashcatch: Capture Handshakes of Nearby WiFi Networks Automatically

In a nutshell, Hashcatch continuously scans for Wi-Fi networks that are within range and adds them to the attack list. Therefore, it can automatically capture a handshake to a given Wi-Fi network without being next to the Access Point. All it takes is to ensure that the Wi-Fi network being attacked is within range. In addition, Hashcatch can especially come in handy when capturing handshakes when you are taking an evening walk around the neighborhood.

All you need to do is go to places which are known to have high congestion of Wi-Fi networks. For the tool to work effectively, you must move at a fairly slow pace to allow it to collect the necessary data. It normally takes hashcatch 30 or 20 seconds to perform a handshake capture on a targeted Wi-Fi network. And because the tool saves each handshake in a different file you can easily deploy an immediate brute-force attack to crack the Wi-Fi passwords. It can also perform additional functions like checking if the Wi-Fi card can allow a direct wireless injection.

Supported Platforms:

  • Linux
  • * Raspberry Pi and Nethunter devices

Prerequisites:

Install

Clone the repo:

$ git clone https://github.com/staz0t/hashcatch 

Make sure you’ve installed all dependencies:

$ sudo apt install hcxtools jq

Then run the following command to generate the config file:

$ sudo ./hashcatch --setup

Hashcatch Configuration

Config file can be found in /etc/hashcatch/hashcatch.conf. Depending on your choice and preference you can tune the “interface” to fit your needs.

Ignore list: You can add an “ignore” field for the Wi-Fi networks to tell hashcatch which ones to ignore while capturing.
Example: Open the config file (/etc/hashcatch/hashcatch.conf) and add the following (the entries should not have spaces in between them):

interface=wlan0
ignore=Google Starbucks,AndroidAP

Basic Usage

To launch Hashcatch run:

$ sudo ./hashcatch 
[sudo] password for cyberpunkRs:

 __   __  _______  _______  __   __  _______  _______  _______  _______  __   __ 
|  | |  ||   _   ||       ||  | |  ||       ||   _   ||       ||       ||  | |  |
|  |_|  ||  |_|  ||  _____||  |_|  ||       ||  |_|  ||_     _||       ||  |_|  |
|       ||       || |_____ |       ||       ||       |  |   |  |       ||       |
|       ||       ||_____  ||       ||      _||       |  |   |  |      _||       |
|   _   ||   _   | _____| ||   _   ||     |_ |   _   |  |   |  |     |_ |   _   |
|__| |__||__| |__||_______||__| |__||_______||__| |__|  |___|  |_______||__| |__|
                                                                         
Status: Scanning for wifi networks
Last scan: Pwned all nearby WiFi networks

[*] Keyboard Interrupt
[*] Handshakes captured this session: 2

To print out hashcatch help screen run:

$ sudo ./hashcatch --help 

All captured handshakes will be saved to /usr/share/hashcatch/handshakes/, captured WiFi network’s BSSID and ESSID to /usr/share/hashcatch/db folder.

Download Box