The hcxtools suite is used to capture and convert Pre-Shared Key (PSK) handshake files into other formats. The suite is particularly useful for capturing the PMKID values or handshakes needed to recover the PSK of an associated wireless network.
The typical workflow is to identify the SSID of the PSK network, build a filter file to capture values from APs associated with the target SSID, run hcxdumptool to capture PMKID values, convert the hash using hcxpcaptool, and crack the resulting hash using hashcat.
The SSID of the target network can be identified using airodump-ng or Kismet. The filter file contains a list of the MAC addresses associated with the SSID, one per line. This list can be parsed from the airodump-ng output or copied from the Kismet interface.
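One way to build the filter file from an airodump-ng CSV so that only access points advertising the in-scope SSID are listed (an added example, not part of the original page or of hcxtools). The sample data is constructed, and the separator-free MAC format is an assumption; set `sep` to whatever your hcxdumptool version expects.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed sample in airodump-ng CSV layout: AP table, blank line, station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:BB:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 8, CorpWiFi, 
02:00:00:AA:BB:02, 2024-01-01 10:00:01, 2024-01-01 10:05:00, 11, 54, WPA2, CCMP, PSK, -55, 90, 0, 0.  0.  0.  0, 8, CorpWiFi, 
02:00:00:CC:DD:03, 2024-01-01 10:00:02, 2024-01-01 10:05:00,  1, 54, WPA2, CCMP, PSK, -60, 70, 0, 0.  0.  0.  0, 9, GuestCafe, 
02:00:00:CC:DD:04, 2024-01-01 10:00:03, 2024-01-01 10:05:00,  1, 54, WPA2, CCMP, PSK, -62, 65, 0, 0.  0.  0.  0, 10, Lab,Floor2, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:EE:FF:10, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50, 12, 02:00:00:AA:BB:01, CorpWiFi
"""


def build_filterlist(csv_text, ssid, sep=""):
    """Return sorted, de-duplicated AP MACs whose ESSID equals `ssid` exactly.

    sep: separator between MAC octets in the output (assumption: "" gives
    12 hex digits per line; use ":" if your tool version expects colons).
    """
    macs = set()
    essid_idx = None
    for line in csv_text.splitlines():
        row = line.split(",")
        cells = [c.strip() for c in row]
        if not cells[0]:
            continue  # blank line between the two tables
        if cells[0] == "Station MAC":
            break  # client table follows; only AP rows belong in the filter
        if cells[0] == "BSSID":
            essid_idx = cells.index("ESSID")
            continue
        if essid_idx is None or len(cells) <= essid_idx + 1:
            continue  # row before the header, or truncated row
        # airodump-ng does not quote fields, so an ESSID containing commas
        # spans several cells; the final cell is always the Key column.
        essid = ",".join(row[essid_idx:-1]).strip()
        if essid == ssid and MAC_RE.match(cells[0]):
            macs.add(cells[0].upper().replace(":", sep))
    return sorted(macs)


if __name__ == "__main__":
    print("\n".join(build_filterlist(SAMPLE_CSV, "CorpWiFi")))
```

Matching the ESSID exactly, rather than by substring, keeps neighbouring networks with similar names out of the filter file.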
Hcxdumptool Collection Syntax
The following syntax is used to listen to a targeted network whose access point MAC addresses are included in a filter file.
hcxdumptool -o capture.pcap -i [interface] --enable_status=1 --filterlist=[in scope MAC address list] --filtermode=2
The above command results in a packet capture file containing the collected PMKID from the target network.
Once the