Hashcatch: Capture Handshakes of Nearby WiFi
Introduction
Hashcatch is a powerful bash tool that has the ability to automate Wi-Fi hacking processes. This tool can deauthenticate all the clients that are connected to nearby Wi-Fi networks and can further attempt to capture the handshakes. Hashcatch can run on just about any device that is Linux based. including Nethunter and Raspberry Pi devices.
Hashcatch: Capture Handshakes of Nearby WiFi Networks Automatically
In a nutshell, Hashcatch continuously scans for Wi-Fi networks that are within range and adds them to the attack list. Therefore, it can automatically capture a handshake to a given Wi-Fi network without being next to the Access Point. All it takes is to ensure that the Wi-Fi network being attacked is within range. In addition, Hashcatch can especially come in handy when capturing handshakes when you are taking an evening walk around the neighborhood.
All you need to do is go to places which are known to have high congestion of Wi-Fi networks. For the tool to work effectively, you must move at a fairly slow pace to allow it to collect the necessary data. It normally takes hashcatch 30 or 20 seconds to perform a handshake capture on a targeted Wi-Fi network. And because the tool saves each handshake in a different file you can easily deploy an immediate brute-force attack to crack the Wi-Fi passwords. It can also perform additional functions like checking if the Wi-Fi card can allow a direct wireless injection.
Supported Platforms:
- Linux
- * Raspberry Pi and Nethunter devices
Prerequisites:
aircrack-ng
hashcat-utils
hcxtools
jq
Install
Clone the repo:
$ git clone https://github.com/staz0t/hashcatch
Make sure you’ve installed all dependencies:
$ sudo apt install hcxtools jq
Then run the following command to generate the config file:
$ sudo ./hashcatch --setup
Hashcatch Configuration
Config file can be found in /etc/hashcatch/hashcatch.conf
. Depending on your choice and preference you can tune the “interface” to fit your needs.
Example: Open the config file (
/etc/hashcatch/hashcatch.conf
) and add the following (the entries should not have spaces in between them):interface=wlan0
ignore=Google Starbucks,AndroidAP
Basic Usage
To launch Hashcatch run:
$ sudo ./hashcatch [sudo] password for cyberpunkRs: __ __ _______ _______ __ __ _______ _______ _______ _______ __ __ | | | || _ || || | | || || _ || || || | | | | |_| || |_| || _____|| |_| || || |_| ||_ _|| || |_| | | || || |_____ | || || | | | | || | | || ||_____ || || _|| | | | | _|| | | _ || _ | _____| || _ || |_ | _ | | | | |_ | _ | |__| |__||__| |__||_______||__| |__||_______||__| |__| |___| |_______||__| |__| Status: Scanning for wifi networks Last scan: Pwned all nearby WiFi networks [*] Keyboard Interrupt [*] Handshakes captured this session: 2
To print out hashcatch help screen run:
$ sudo ./hashcatch --help
All captured handshakes will be saved to /usr/share/hashcatch/handshakes/
, captured WiFi network’s BSSID and ESSID to /usr/share/hashcatch/db
folder.