auto-crack-wpa2.sh is a Hashcat wrapper that automates the most repetitive parts of WPA2 password recovery: locating wordlists, finding rules, detecting whether a GPU is available, converting .pcapng captures on the fly, and printing the cracked password if one is found. You point it at a handshake file, choose a mode, and it handles the rest — GPU acceleration, wordlist decompression, and potfile display included.
Full WPA2 Cracking Workflow
Phase 0 — Hardware Preparation
You need a USB WiFi adapter that supports monitor mode and packet injection. Most internal laptop cards do not support these features.
Recommended adapters:
- Alfa AWUS036NHA
- TP-Link TL-WN722N v1 (v2/v3 do not support injection)
- Panda PAU09
Verify driver support for monitor mode:
Phase 1 — Capture the Handshake
Launch the container in WPA2 mode (privileged, required for hcxdumptool):
Inside the container, activate monitor mode on your USB adapter:
Optionally scan nearby networks to identify your target channel:
Capture the handshake with hcxdumptool (replace 6 with your target channel):
Phase 2 — Convert the Capture
Convert the raw .pcapng to Hashcat’s native .hc22000 format:
The output should report at least one WPA pair recovered:
If the count is 0, no usable handshake was captured. Return to Phase 1 and capture again — a full four-way handshake requires a client to (re)connect while you are listening.
Phase 3 — Crack with auto-crack-wpa2.sh
Run the script in quick mode (recommended starting point):
The script automatically:
- Detects whether an NVIDIA GPU is available via hashcat -I
- Resolves the wordlist path, decompressing .gz files if needed
- Resolves the rule path from /root/pentest/rules/ then /usr/share/hashcat/rules/
- Builds and executes the hashcat -m 22000 command
- Displays the potfile contents when finished
If you pass a .pcapng file directly, the script converts it automatically before cracking:
Script Usage
Synopsis
Flags
| Flag | Description | Default |
|---|---|---|
| -q | Quick mode: rockyou.txt + best64.rule | — |
| -r <rule> | Hashcat rule filename | best64.rule |
| -w <wordlist> | Wordlist filename | rockyou.txt |
| -c | Force CPU mode (-D 1) | GPU if available |
| <file> | Input .hc22000 or .pcapng file | required |
-q is a shorthand that sets both -w rockyou.txt and -r best64.rule simultaneously. Argument order matters: flags are processed left to right, so any -w or -r supplied after -q will override the quick-mode defaults.
Examples
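The left-to-right flag handling described above, as an added example that is not the source of auto-crack-wpa2.sh. The function and variable names are hypothetical, and it assumes -q simply assigns both quick-mode defaults at the point where it appears.

```shell
#!/bin/sh
# Added illustration of the documented flag semantics.
# parse_flags, WORDLIST, RULE, DEVICE and INPUT are hypothetical names.

parse_flags() {
    # Defaults taken from the Flags table.
    WORDLIST="rockyou.txt"
    RULE="best64.rule"
    DEVICE="auto"          # GPU if available
    OPTIND=1

    # getopts walks the arguments left to right, so a later flag
    # overwrites whatever an earlier flag stored.
    while getopts ":qr:w:c" opt; do
        case "$opt" in
            q) WORDLIST="rockyou.txt"; RULE="best64.rule" ;;
            r) RULE="$OPTARG" ;;
            w) WORDLIST="$OPTARG" ;;
            c) DEVICE="cpu" ;;   # corresponds to -D 1
            :) echo "missing value for -$OPTARG" >&2; return 2 ;;
            \?) echo "unknown flag -$OPTARG" >&2; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))

    # The input file is required and must be one of the two documented types.
    INPUT="${1:-}"
    case "$INPUT" in
        *.hc22000|*.pcapng) ;;
        "") echo "input file required" >&2; return 2 ;;
        *) echo "expected .hc22000 or .pcapng: $INPUT" >&2; return 2 ;;
    esac

    printf '%s %s %s %s\n' "$WORDLIST" "$RULE" "$DEVICE" "$INPUT"
}
```

Calling parse_flags with -q before -w keeps the custom wordlist, while placing -q last resets both values to the quick-mode pair.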
Complete One-Block Workflow
Copy and paste this entire block inside a container launched with ./run-kali.sh wpa2:
File Paths Inside the Container
| Purpose | Path |
|---|---|
| Handshake captures | /root/pentest/handshakes/ |
| Cracked passwords and results | /root/pentest/loot/ |
| Hashcat rule files | /root/pentest/rules/ |
| Custom wordlists | /root/pentest/wordlists/ |
| System wordlists (host mount) | /host-wordlists/ |
| Built-in Hashcat rules | /usr/share/hashcat/rules/ |
Paths under /root/pentest/ map to the ./data/ directory on your host machine through the Docker volume mount, so captures and results persist after the container exits.
Tips
- Always use -O with Hashcat — optimized kernels are faster for passwords under 32 characters and are included by default in auto-crack-wpa2.sh.
- Store captures in /root/pentest/handshakes/ — this directory is synced to ./data/handshakes/ on your host and survives container restarts.
- Use larger wordlists when rockyou.txt fails — try SecLists for a broader dictionary:
- Layer rules on top of wordlists — rule files mutate each candidate (capitalization, number suffixes, leet substitution). d3ad0ne.rule covers more mutations than best64.rule at the cost of more time.
- Resume interrupted attacks — Hashcat saves progress automatically and can pick up where it left off: