macOS
brew install hcxtoolslocal Homebrew formula metadata
brew
Utils for conversion of cap/pcap/pcapng WiFi dump files. Version 7.1.2 via Homebrew; verified from local package data.
install
brew install hcxtoolslocal Homebrew formula metadata
sudo apt install hcxtoolsDebian stable package indexes · hcxtools · source: deb.debian.org
sudo dnf install hcxtoolsFedora Rawhide package metadata · hcxtools · source: dl.fedoraproject.org
nix profile install nixpkgs#hcxtoolsnixpkgs package indexes · pkgs/by-name/hc/hcxtools/package.nix · source: api.github.com
sudo pacman -S hcxtoolsArch Linux sync databases · hcxtools · source: geo.mirror.pkgbuild.com
overview
Utils for conversion of cap/pcap/pcapng WiFi dump files
history
hcxtools is a Linux-focused suite for converting Wi-Fi capture files into hash formats consumed by Hashcat and John the Ripper. The upstream description frames it as an analysis toolkit for finding weak points in one's own wireless networks rather than as a password-cracking engine.
The GitHub repository was created in April 2017. Its scope settled around the conversion and post-processing side of WPA/WPA2 auditing: hcxpcapngtool converts capture files, hcxhashtool filters hash files, hcxpmktool verifies PSKs or PMKs, hcxpottool handles pot files, and related tools handle wordlist candidates, vendor lookup, and upload workflows.
The toolkit is closely paired with ZerBea's hcxdumptool, which performs packet capture and layer-2 WPA protocol tests. The documented workflow is hcxdumptool to hcxpcapngtool to hcxhashtool, optionally to hcxpsktool or hcxeiutool, and then to Hashcat or John the Ripper.
hcxtools evolved with Hashcat's WPA formats. The README emphasizes Hashcat mode 22000/22001 over older 2500/2501 and 16800/16801 formats, while the changelog records later work on FT-PSK PMKID and EAPOL conversion for mode 37100 and ongoing handling of EAPOL length limits.
The package spread through security-oriented Linux distributions and general package managers because it solves a specific interoperability problem: turning packet captures into forms that established cracking and auditing tools can read. The batch input records Homebrew, Debian, Fedora, Nix, Arch, and Ubuntu packaging, but upstream itself warns that operating systems outside its Linux target are unsupported.
Its audience is narrower than a general network utility. Upstream expects knowledge of radio technology, 802.11 protocol behavior, key derivation, Linux drivers, capture filters, and related tooling. That technical bar shaped adoption among wireless-security practitioners and package users who already know the Hashcat/JtR workflow.
hcxtools does not capture traffic, crack hashes, attack WEP or WPS, or decrypt encrypted traffic. Instead, it converts, filters, verifies, and prepares artifacts: pcapng/pcap/cap input, PMKID and EAPOL hash lines, pot files, ESSID-derived candidate lists, vendor OUI lookups, and wpa-sec upload workflows.
The upstream README is explicit that output files may be appended to, that dump files should not be merged in ways that destroy custom block hash assignments, and that nonce-error correction is not performed by the tools. These details are why package users often care about exact upstream versions matching hcxdumptool and Hashcat behavior.
hcxtools is package-nerd significant because it sits at a brittle boundary between kernel Wi-Fi capture behavior, pcapng file semantics, WPA handshake interpretation, and Hashcat/JtR hash formats. Small changes in any layer can make a packaged version too old for a user's capture workflow.
The suite is also notable as a source-built C toolkit with many small executables rather than one command. Packaging therefore exposes a toolbox: hcxpcapngtool for conversion, hcxhashtool for filtering, hcxhash2cap for reverse conversion, hcxpottool for pot files, whoismac for OUI data, and more.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
hcxeiutool | cli | global executable | |
hcxhash2cap | cli | global executable | |
hcxhashtool | cli | global executable | |
hcxpcapngtool | cli | global executable | |
hcxpmktool | cli | global executable | |
hcxpottool | cli | global executable | |
hcxpsktool | cli | global executable | |
hcxwltool | cli | global executable | |
whoismac | cli | global executable | |
wlancap2wpasec | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/ZerBea/hcxtools
install metadata
| Package key | brew:hcxtools |
|---|---|
| Version | 7.1.2 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/hcxtools |
| Homepage | https://github.com/ZerBea/hcxtools |
| Repository | https://github.com/ZerBea/hcxtools |
| Upstream docs | https://github.com/ZerBea/hcxtools#readme |
| License | MIT |
| Source archive | https://github.com/ZerBea/hcxtools/archive/refs/tags/7.1.2.tar.gz |
| Dependencies | openssl@3 |
| Build dependencies | pkgconf |
| Uses from macOS | curl |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | hcxtools |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
hcxtools 6.3.5-1
Tools for converting captures to use with hashcat or John the Ripper
https://github.com/ZerBea/hcxtools
sudo apt install hcxtoolshcxtools
nix profile install nixpkgs#hcxtoolshcxtools 6.2.7-2build3
Tools for converting captures to use with hashcat or John the Ripper
https://github.com/ZerBea/hcxtools
sudo apt install hcxtoolshcxtools 7.1.2-1.fc45
Set of tools to convert packets from capture files to hash files
https://github.com/ZerBea/hcxtools
sudo dnf install hcxtoolshcxtools 7.1.2-1
Portable solution for capturing wlan traffic and conversion to hashcat and John the Ripper formats
https://github.com/ZerBea/hcxtools
sudo pacman -S hcxtoolssource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.