hashcatch
- **fileName**: hashcatch
- **Created on**: 2025-08-13 16:47:56
HashCatch
HashCatch is a command-line utility designed to automate the process of
capturing WPA/WPA2 handshakes from nearby Wi-Fi networks. It simplifies
the steps of putting your wireless adapter into monitor mode, scanning
for access points, deauthenticating clients, and capturing handshakes,
making it easier to collect data for security auditing or penetration
testing.
Features
- Automated Wi-Fi scanning and handshake capture.
- Automatic conversion of captured handshakes to `.hccapx` format, compatible with Hashcat.
- Hardcoded `wlan1` interface for streamlined operation.
- Arch Linux specific dependency checks.
- Geolocation data (if available) for captured handshakes.
Installation
HashCatch is designed to run on Arch Linux.
Prerequisites
Ensure you have the following packages installed on your Arch Linux system:
sudo pacman -S aircrack-ng hashcat-utils hcxtools jq curl
- `aircrack-ng`: For wireless network analysis and handshake capture.
- `hashcat-utils`: Provides `cap2hccapx` for converting `.cap` files to Hashcat-compatible `.hccapx` format.
- `hcxtools`: Provides `wlanhcxinfo` for verifying handshake files.
- `jq`: A lightweight and flexible command-line JSON processor, used for geolocation data.
- `curl`: Used for fetching geolocation data.
Setup
- Clone the HashCatch repository:
    git clone https://github.com/your_repo/hashcatch.git # Replace with actual repo URL
    cd hashcatch
- Run the setup script. This will create necessary directories and configure the tool.
    sudo ./hashcatch --setup
  During setup, your `wlan1` interface will automatically be put into monitor mode, and its new name (e.g., `wlan1mon`) will be saved for subsequent runs.
Usage
To set up HashCatch and begin capturing handshakes:
sudo ./hashcatch --setup
To start HashCatch and begin capturing handshakes:
sudo ./hashcatch
Press `Ctrl+C` to stop the process.
How it Works
HashCatch operates by:
- Interface Setup: Automatically sets your `wlan1` wireless adapter into monitor mode. The script is configured to use `wlan1` and expects it to be renamed to `wlan1mon` (or similar) by `airmon-ng`.
- Scanning: Continuously scans for nearby Wi-Fi access points.
- Deauthentication: For each detected access point, it sends deauthentication packets to connected clients, forcing them to reauthenticate.
- Handshake Capture: During the reauthentication process, HashCatch attempts to capture the WPA/WPA2 4-way handshake.
- Conversion & Storage: Captured handshakes are automatically converted to `.hccapx` format and stored. HashCatch also attempts to fetch geolocation data and store it alongside the handshake information.
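Seen from the monitoring side, the deauthentication step above produces bursts of deauth frames that move from one access point to the next. The following detector is an added example, not part of HashCatch or of this note; the record layout, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

DEAUTH = 0x0C  # 802.11 management frame subtype 12 (deauthentication)

def sample():
    """Constructed records: 'epoch subtype_hex bssid destination' (assumed layout)."""
    lines = []
    # Three APs each see six broadcast deauths 0.5 s apart; the APs are hit 5 s apart.
    for n, start in enumerate((100.0, 105.0, 110.0), 1):
        for k in range(6):
            lines.append(f"{start + k * 0.5:.1f} 0x0c aa:aa:aa:00:00:0{n} ff:ff:ff:ff:ff:ff")
    lines.append("103.0 0x0c bb:bb:bb:00:00:01 cc:cc:cc:00:00:09")  # one ordinary deauth
    lines.append("104.0 0x08 bb:bb:bb:00:00:01 ff:ff:ff:ff:ff:ff")  # beacon, ignored
    lines.append("truncated line")                                   # malformed, ignored
    return "\n".join(lines)

def parse(text):
    """Yield (time, bssid) for each deauthentication record; skip everything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts, subtype = float(parts[0]), int(parts[1], 16)
        except ValueError:
            continue
        if subtype == DEAUTH:
            yield ts, parts[2].lower()

def detect(text, window=10.0, burst=5, sweep=3, sweep_window=60.0):
    """Return (bursting_bssids, sweep_seen).

    A BSSID is bursting once `burst` deauth frames fall inside `window` seconds.
    sweep_seen is True when `sweep` BSSIDs start bursting within `sweep_window`
    seconds, the pattern left by a tool that works through every AP in range.
    """
    recent = defaultdict(deque)  # bssid -> timestamps still inside the window
    first_burst = {}             # bssid -> time the burst threshold was first met
    for ts, bssid in sorted(parse(text)):
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= burst:
            first_burst.setdefault(bssid, ts)
    times = sorted(first_burst.values())
    sweep_seen = any(times[i + sweep - 1] - times[i] <= sweep_window
                     for i in range(len(times) - sweep + 1))
    return sorted(first_burst), sweep_seen
```

A single AP disconnecting one client stays below the burst threshold, so only the multi-AP pattern raises the sweep flag.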
Handshake Storage
All captured `.hccapx` handshake files are stored in:
/usr/share/hashcatch/handshakes/
Additionally, a database file containing BSSID, ESSID, and (if available)
geolocation data for captured handshakes is maintained at:
/usr/share/hashcatch/db
Troubleshooting
- "Requires root permission.": Ensure you run the script with `sudo`.
- "Could not set wireless adapter to monitor mode.": This usually means `airmon-ng` encountered an issue. Ensure `wlan1` is the correct interface name for your wireless adapter and that it supports monitor mode. Also, ensure no other processes are interfering with your wireless card (you might need to run `sudo airmon-ng check kill`).
- Missing Packages: If you see warnings about missing packages, install them using the `pacman` command provided in the Prerequisites section.