Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically
Written by @SivaneshAshok
PoC of hashcatch (running with a couple of WiFi networks within range)
Setting up
./setup.sh
- Enter the interface that can be switched to monitor mode
- The script will install the prerequisites
Usage
sudo ./hashcatch.sh
- The script runs indefinitely until keyboard interrupt
- If you're targeting a WiFi network, spend around 20 to 30 seconds within the network's range to ensure the handshake is captured
- Handshakes captured will be stored in the handshakes/ directory
- The captured WiFi network's BSSID and ESSID will be stored in the db file
- [Experimental] If you are connected to the internet while capturing, the following data will also be added to the db file:
  - latitude
  - longitude
  - signal radius
  - time of record
- Note: Kudos to Alexander Mylnikov for the API he's running that returns the location details of a router's MAC address using public databases
The "config" file
- The config file will be generated by the setup.sh script
- You can later edit the "interface" field to set the interface of your choice
- You can also add an "ignore" field to list the WiFi networks you want hashcatch to ignore while running
- Refer to the example below for the format in which entries should be added to the config file
Format of config file
option name=option1,option2,option3
No spaces between the option name, the equals sign and the options; multiple options are separated by commas
Example
interface=wlan0
ignore=Google Starbucks,AndroidAP
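As an added illustration of the format above (not part of hashcatch itself), here is a small POSIX-shell reader for such a config file. It assumes the "name=a,b,c" layout with no spaces around "=", that an option value (such as an ESSID) may itself contain spaces, and that a missing key yields an empty value; the sample file is constructed inline.

```shell
# config_get FILE NAME -> prints the value of NAME (empty if the key is absent).
# Only the first matching line counts, and the key must start the line, so
# "interface=" never matches a line such as "my_interface=...".
config_get() {
  grep "^$2=" "$1" 2>/dev/null | head -n 1 | cut -d= -f2-
}

# config_ignored FILE ESSID -> exit 0 if ESSID appears in the comma-separated
# "ignore" field, 1 otherwise. Wrapping the list in commas makes the match
# exact, so "Android" does not match "AndroidAP" and "Starbucks" does not
# match "Google Starbucks".
config_ignored() {
  list=$(config_get "$1" ignore)
  [ -z "$list" ] && return 1
  case ",$list," in
    *",$2,"*) return 0 ;;
    *)        return 1 ;;
  esac
}

# Constructed sample config mirroring the README example (hypothetical file).
cfg=$(mktemp)
printf 'interface=wlan0\nignore=Google Starbucks,AndroidAP\n' > "$cfg"

echo "interface: $(config_get "$cfg" interface)"        # wlan0
for essid in "Google Starbucks" "Starbucks" "AndroidAP" "HomeNet"; do
  if config_ignored "$cfg" "$essid"; then
    echo "skip:    $essid"
  else
    echo "process: $essid"
  fi
done
rm -f "$cfg"
```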
Features to be added
- PMKID attack
- Pixiedust attack for WPS enabled networks
- More location features
- Automatically check handshakes with a rainbow table
Reviewed by Zion3R on 9:00 AM