added hcx tools to validation of captures + various improvements

Author: kimocoder

wifite/model/handshake.py

@@ -69,9 +69,11 @@ def has_handshake(self):
         # Check if ANY validator detects a handshake
         # Tshark is strict (requires all 4 messages), but cowpatty/aircrack
         # can work with just messages 2&3, which is sufficient for cracking
+        # hcxpcapngtool is best for hcxdumptool captures (pcapng format)
         return (len(self.tshark_handshakes()) > 0 or
                 len(self.cowpatty_handshakes()) > 0 or
-                len(self.aircrack_handshakes()) > 0)
+                len(self.aircrack_handshakes()) > 0 or
+                len(self.hcxpcapngtool_handshakes()) > 0)
 
     def tshark_handshakes(self):
         """Returns list[tuple] of BSSID & ESSID pairs (ESSIDs are always `None`)."""
@@ -83,15 +85,23 @@ def cowpatty_handshakes(self):
         if not Process.exists('cowpatty'):
             return []
 
-        # Needs to check if cowpatty is updated and have the -2 parameter
-        cowpattycheck = Process('cowpatty', devnull=False)
-
-        command = [
-            'cowpatty',
-            '-2' if 'frames 1 and 2 or 2 and 3 for key attack' in cowpattycheck.stdout() else '',
-            '-r',   self.capfile,
-            '-c'    # Check for handshake
-        ]
+        # Check if cowpatty supports the -2 parameter (frames 1&2 or 2&3)
+        # Run cowpatty with -h to get help output instead of running without args
+        try:
+            cowpattycheck = Process(['cowpatty', '-h'], devnull=False)
+            supports_dash_2 = 'frames 1 and 2 or 2 and 3 for key attack' in cowpattycheck.stdout()
+        except Exception:
+            # If help check fails, assume -2 is not supported
+            supports_dash_2 = False
+
+        # Build command - only include -2 if supported
+        command = ['cowpatty']
+        if supports_dash_2:
+            command.append('-2')
+        command.extend([
+            '-r', self.capfile,
+            '-c'  # Check for handshake
+        ])
 
         proc = Process(command, devnull=False)
         return next(
@@ -122,6 +132,65 @@ def aircrack_handshakes(self):
         else:
             return []
 
+    def hcxpcapngtool_handshakes(self):
+        """
+        Returns tuple (BSSID,None) if hcxpcapngtool can extract valid handshake data.
+        This is especially useful for pcapng files captured by hcxdumptool.
+        Only runs on .pcapng files as hcxpcapngtool is optimized for that format.
+        """
+        if not Process.exists('hcxpcapngtool'):
+            return []
+        
+        # Only use hcxpcapngtool for pcapng files (hcxdumptool format)
+        # For older .cap files, use aircrack/cowpatty/tshark instead
+        if not self.capfile.lower().endswith('.pcapng'):
+            return []
+
+        import tempfile
+        
+        # Create a temporary hash file to test if hcxpcapngtool can extract data
+        try:
+            with tempfile.NamedTemporaryFile(mode='w', suffix='.22000', delete=False) as tmp:
+                hash_file = tmp.name
+            
+            command = [
+                'hcxpcapngtool',
+                '-o', hash_file,
+                self.capfile
+            ]
+            
+            proc = Process(command, devnull=False)
+            
+            # Check if hash file was created and has content
+            if os.path.exists(hash_file) and os.path.getsize(hash_file) > 0:
+                # Successfully extracted handshake data
+                result = [(self.bssid, None)] if self.bssid else [(None, self.essid)]
+                
+                # Clean up temp file
+                try:
+                    os.remove(hash_file)
+                except OSError:
+                    pass
+                
+                return result
+            else:
+                # No valid handshake data found
+                try:
+                    if os.path.exists(hash_file):
+                        os.remove(hash_file)
+                except OSError:
+                    pass
+                return []
+                
+        except Exception:
+            # If anything goes wrong, clean up and return empty
+            try:
+                if hash_file and os.path.exists(hash_file):
+                    os.remove(hash_file)
+            except (OSError, NameError):
+                pass
+            return []
+
     def analyze(self):
         """Prints analysis of handshake capfile"""
         self.divine_bssid_and_essid()
@@ -133,6 +202,9 @@ def analyze(self):
             Handshake.print_pairs(self.cowpatty_handshakes(), 'cowpatty')
 
         Handshake.print_pairs(self.aircrack_handshakes(), 'aircrack')
+        
+        if Process.exists('hcxpcapngtool'):
+            Handshake.print_pairs(self.hcxpcapngtool_handshakes(), 'hcxpcapng')
 
     def strip(self, outfile=None):
         # XXX: This method might break aircrack-ng, use at own risk.

wifite/model/target.py

@@ -72,7 +72,10 @@ def __init__(self, fields):
         self.manufacturer = None
         self.wps = WPSState.NONE
         self.bssid = fields[0].strip()
-        self.channel = fields[3].strip()
+        try:
+            self.channel = int(fields[3].strip())
+        except (ValueError, IndexError):
+            self.channel = -1
         self.encryption = fields[5].strip() # Contains encryption type(s) like "WPA2 WPA3 OWE"
         self.authentication = fields[7].strip() # Contains auth type(s) like "PSK SAE MGT"
 
@@ -208,7 +211,7 @@ def is_dragonblood_vulnerable(self):
 
     def validate(self):
         """ Checks that the target is valid. """
-        if self.channel == '-1':
+        if self.channel == -1:
             pass
 
         # Filter broadcast/multicast BSSIDs, see https://github.com/derv82/wifite2/issues/32

wifite/tools/hashcat.py

@@ -195,13 +195,13 @@ def generate_hash_file(handshake_obj, is_wpa3_sae, show_command=False):
         # Use mode 22000 format for both WPA2 and WPA3-SAE
         # Hashcat mode 22000 supports WPA-PBKDF2-PMKID+EAPOL (includes SAE)
         # Mode 22001 is for WPA-PMK-PMKID+EAPOL (pre-computed PMK)
-        
+
         # Create secure temporary file with proper permissions (0600)
         # Using NamedTemporaryFile with delete=False to prevent race conditions
         log_debug('HcxPcapngTool', 'Creating secure temporary hash file')
         with tempfile.NamedTemporaryFile(mode='w', suffix='.22000', delete=False, prefix='wifite_hash_') as tmp:
             hash_file = tmp.name
-        
+
         # Verify file permissions are secure (0600)
         os.chmod(hash_file, 0o600)
         log_debug('HcxPcapngTool', f'Created temporary hash file: {hash_file} (permissions: 0600)')
@@ -219,18 +219,18 @@ def generate_hash_file(handshake_obj, is_wpa3_sae, show_command=False):
 
             process = Process(command)
             stdout, stderr = process.get_output()
-            
+
             log_debug('HcxPcapngTool', f'hcxpcapngtool stdout: {stdout[:200]}...' if len(stdout) > 200 else f'hcxpcapngtool stdout: {stdout}')
             if stderr:
                 log_debug('HcxPcapngTool', f'hcxpcapngtool stderr: {stderr[:200]}...' if len(stderr) > 200 else f'hcxpcapngtool stderr: {stderr}')
-            
+
             if not os.path.exists(hash_file) or os.path.getsize(hash_file) == 0:
                 # Check if this is due to missing frames (common with airodump captures)
                 if 'no hashes written' in stdout.lower() or 'missing frames' in stdout.lower():
                     log_warning('HcxPcapngTool', 'Hash generation failed: capture quality issue (missing frames)')
-                    Color.pl('{!} {O}Warning: hcxpcapngtool could not extract hash (capture quality issue){W}')
-                    Color.pl('{!} {O}The capture file is missing required frames or metadata{W}')
-                    Color.pl('{!} {O}This is common with airodump-ng captures - consider using hcxdumptool instead{W}')
+                    #Color.pl('{!} {O}Warning: hcxpcapngtool could not extract hash (capture quality issue){W}')
+                    #Color.pl('{!} {O}The capture file is missing required frames or metadata{W}')
+                    #Color.pl('{!} {O}This is common with airodump-ng captures - consider using hcxdumptool instead{W}')
                     # Cleanup failed hash file
                     if os.path.exists(hash_file):
                         try:
@@ -240,7 +240,7 @@ def generate_hash_file(handshake_obj, is_wpa3_sae, show_command=False):
                             pass
                     # Return None to signal fallback to aircrack-ng should be used
                     return None
-                
+
                 # For other errors, provide detailed error message
                 error_msg = f'Failed to generate {"SAE hash" if is_wpa3_sae else "WPA/WPA2 hash"} file.'
                 error_msg += f'\nOutput from hcxpcapngtool:\nSTDOUT: {stdout}\nSTDERR: {stderr}'

wifite/tools/tshark.py

@@ -169,20 +169,51 @@ def check_for_wps_and_update_targets(capfile, targets):
         try:
             p.wait()
             lines = p.stdout()
+        except KeyboardInterrupt:
+            raise
+        except (OSError, IOError) as e:
+            from ..config import Configuration
+            if Configuration.verbose > 0:
+                from ..util.color import Color
+                Color.pl('{!} {O}Warning: tshark WPS detection failed: %s{W}' % str(e))
+            return
         except Exception as e:
-            if isinstance(e, KeyboardInterrupt):
-                raise KeyboardInterrupt from e
+            from ..config import Configuration
+            from ..util.color import Color
+            Color.pl('{!} {R}Unexpected error in WPS detection: %s{W}' % str(e))
+            if Configuration.verbose > 1:
+                import traceback
+                Color.pl('{!} {O}%s{W}' % traceback.format_exc())
             return
+        
         wps_bssids = set()
         locked_bssids = set()
+        
         for line in lines.split('\n'):
-            if ',' not in line:
+            line = line.strip()
+            if not line:
                 continue
-            bssid, locked = line.split(',')
-            if '1' not in locked:
-                wps_bssids.add(bssid.upper())
-            else:
+            
+            # Split on first comma only to handle trailing commas
+            parts = line.split(',', maxsplit=1)
+            
+            if len(parts) < 1:
+                continue
+            
+            bssid = parts[0].strip()
+            locked = parts[1].strip() if len(parts) > 1 else ''
+            
+            # Validate BSSID format (basic check: should be 17 chars with colons)
+            if len(bssid) != 17 or bssid.count(':') != 5:
+                continue
+            
+            # Check locked status - be specific!
+            # 0x01, 0x1, or 1 = locked
+            # Empty, 0x00, 0, or any other value = unlocked
+            if locked.lower() in ('0x01', '0x1', '1'):
                 locked_bssids.add(bssid.upper())
+            else:
+                wps_bssids.add(bssid.upper())
 
         for t in targets:
             target_bssid = t.bssid.upper()

wifite/util/crack.py

@@ -154,11 +154,39 @@ def get_handshakes(cls):
             else:
                 continue
 
-            name, essid, bssid, date = hs_file.split('_')
-            date = date.rsplit('.', 1)[0]
-            days, hours = date.split('T')
-            hours = hours.replace('-', ':')
-            date = f'{days} {hours}'
+            # Parse filename: name_essid_bssid_date.ext
+            # ESSID can contain underscores, so split from right
+            # Expected format: handshake_ESSID_AA-BB-CC-DD-EE-FF_20251031T120000.cap
+            try:
+                # Remove file extension first
+                filename_no_ext = hs_file.rsplit('.', 1)[0]
+                
+                # Split from right: last 3 parts are always bssid, date (and first is name)
+                parts = filename_no_ext.split('_')
+                
+                if len(parts) < 4:
+                    # Malformed filename, skip
+                    if Configuration.verbose > 0:
+                        Color.pl('{!} {O}Skipping malformed filename: %s{W}' % hs_file)
+                    continue
+                
+                # Extract parts: name is first, bssid and date are last two
+                name = parts[0]
+                date = parts[-1]
+                bssid = parts[-2]
+                # Everything in between is the ESSID (may contain underscores)
+                essid = '_'.join(parts[1:-2])
+                
+                # Parse date
+                days, hours = date.split('T')
+                hours = hours.replace('-', ':')
+                date = f'{days} {hours}'
+                
+            except (ValueError, IndexError) as e:
+                # Failed to parse filename
+                if Configuration.verbose > 0:
+                    Color.pl('{!} {O}Error parsing filename %s: %s{W}' % (hs_file, str(e)))
+                continue
 
             if hs_type == '4-WAY':
                 # Patch for essid with " " (zero) or dot "." in name
@@ -169,16 +197,29 @@ def get_handshakes(cls):
                 essid = essid if essid_discovery is None else essid_discovery
             elif hs_type == 'PMKID':
                 # Decode hex-encoded ESSID from passive PMKID capture
-                # Check if essid looks like hex (all characters are hex digits)
-                if all(c in '0123456789ABCDEFabcdef' for c in essid):
+                # Only decode if it looks like hex-encoded UTF-8 (not just valid hex)
+                # Criteria:
+                # 1. Length >= 16 (minimum for 8-char ESSID encoded as hex)
+                # 2. Even length (valid hex pairs)
+                # 3. All characters are hex digits
+                # 4. Decoded result is shorter than original (hex encoding expands)
+                # 5. Decoded result contains only printable characters
+                if (len(essid) >= 16 and 
+                    len(essid) % 2 == 0 and 
+                    all(c in '0123456789ABCDEFabcdef' for c in essid)):
                     try:
-                        # Try to decode from hex
-                        decoded_essid = bytes.fromhex(essid).decode('utf-8', errors='ignore')
-                        # Only use decoded version if it's not empty and looks reasonable
-                        if decoded_essid and len(decoded_essid) > 0:
+                        # Try to decode from hex (strict mode)
+                        decoded_essid = bytes.fromhex(essid).decode('utf-8', errors='strict')
+                        
+                        # Validate decoded result
+                        if (decoded_essid and 
+                            len(decoded_essid) > 0 and
+                            len(decoded_essid) < len(essid) and  # Hex encoding should be longer
+                            all(32 <= ord(c) <= 126 or ord(c) >= 128 for c in decoded_essid)):  # Printable chars
                             essid = decoded_essid
                     except (ValueError, UnicodeDecodeError):
                         # If decoding fails, keep the original hex string
+                        # This is expected for legitimate network names like "CAFE", "DEAD", etc.
                         pass
 
             handshake = {