Saturday, 6 June 2020
Hacking Information Gathering Linux Networking Password Attacks Pentesting Tools Vulnerability Scanner Wireless Attacks Wireless Network

Hashcatch – Capture Handshakes Of Nearby WiFi Networks Automatically

[vc_row][vc_column][vc_column_text]Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used in any linux device including Raspberry Pi and Nethunter devices so that you can capture handshakes while walking your dog

Written by @SivaneshAshok

PoC of hashcatch (running with a couple of WiFi networks within range)

hashcatch PoC

Install from source

  1. git clone
  2. Install the prerequisites and ensure that they are working properly
  3. [optional] Add the hashcatch directory to your PATH
  4. ./hashcatch --setup
  5. Answer the prompts
  6. And done!

Install using packages

  1. Download the respective package for your distribution from releases
  2. Run sudo pacman -U ./hashcatch-<ver>-1-any.pkg.tar.xz or sudo apt install ./hashcatch_<ver>_all.deb
  3. sudo hashcatch --setup
  4. Answer the prompts
  5. And done!


  • aircrack-ng
  • hashcat-utils
  • hcxtools
  • jq


sudo hashcatch to start hashcatch

hashcatch --help to print the help screen

  • Hashcatch runs indefinitely until keyboard interrupt
  • Handshakes captured will be stored in /usr/share/hashcatch/handshakes/
  • The captured WiFi network’s BSSID and ESSID will be added to /usr/share/hashcatch/db
  • If you’re targeting a wifi network, spend around 20 to 30 seconds within the wifi’s range to ensure handshake capture
  • [Experimental] If you are connected to the internet while capturing, the following data will also be added to the db file
    • latitude
    • longitude
    • signal radius
    • time of record
    • Note: Kudos to Alexander Mylnikov for the API he’s running that returns the location details of a router’s MAC address using public databases

The Configuration file

  • The configuration file can be found in /etc/hashcatch/hashcatch.conf
  • You can later edit the “interface” field to set the interface of your choice
  • You can also add an “ignore” field to mention the WiFi networks you want hashcatch to ignore while running
  • Refer the example given below to know about the format in which entries should be added to the configuration file
  • Format option name=option1,option2,option3
  • No space in between option name, equal sign and options
  • Example
ignore=Google Starbucks,AndroidAP

Features to be added

  • More location features
  • Automatic upload to websites to start cracking the handshake
  • PMKID attack
  • Pixiedust attack for WPS enabled networks
  • More location features
  • Automatically check handshakes with a rainbow tableDownload at Github


Post Comment