Created
August 20, 2025 09:13
-
-
Save fyxme/aad64a7c6f7552391e2930dd7bce668a to your computer and use it in GitHub Desktop.
This script generates a hashcat compatible hash (mode 22000) from a given WiFi SSID and password.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| WiFi Hash Generator for Hashcat Type 22000 (WPA/WPA2/WPA3) | |
| This script generates a hashcat compatible hash (type 22000) from a given WiFi SSID and password. | |
| The format follows the hashcat 22000 specification for WPA/WPA2/WPA3 handshakes. | |
| Usage: | |
| python wifi_hash_generator.py <SSID> <password> | |
| python wifi_hash_generator.py --ssid "MyNetwork" --password "mypassword123" | |
| """ | |
| import argparse | |
| import hashlib | |
| import hmac | |
| import os | |
| import sys | |
| def generate_pmk(ssid: str, password: str) -> bytes: | |
| """Generate Pairwise Master Key (PMK) using PBKDF2-HMAC-SHA1""" | |
| return hashlib.pbkdf2_hmac('sha1', password.encode('utf-8'), ssid.encode('utf-8'), 4096, 32) | |
| def generate_pmkid_hash(ssid: str, password: str) -> str: | |
| """Generate hashcat 22000 PMKID format hash""" | |
| pmk = generate_pmk(ssid, password) | |
| # Generate random MAC addresses | |
| ap_mac = os.urandom(6) | |
| client_mac = os.urandom(6) | |
| # Ensure locally administered bit is set | |
| ap_mac = bytes([ap_mac[0] | 0x02]) + ap_mac[1:] | |
| client_mac = bytes([client_mac[0] | 0x02]) + client_mac[1:] | |
| # Generate PMKID | |
| pmk_name = b"PMK Name" | |
| data = pmk_name + ap_mac + client_mac | |
| pmkid = hmac.new(pmk, data, hashlib.sha1).digest()[:16] | |
| # Format: WPA*01*PMKID*MAC_AP*MAC_STA*ESSID*** | |
| ssid_hex = ssid.encode('utf-8').hex() | |
| return f"WPA*01*{pmkid.hex()}*{ap_mac.hex()}*{client_mac.hex()}*{ssid_hex}***" | |
| def generate_handshake_hash(ssid: str, password: str) -> str: | |
| """Generate hashcat 22000 handshake format hash""" | |
| pmk = generate_pmk(ssid, password) | |
| # Generate random MAC addresses and nonces | |
| ap_mac = os.urandom(6) | |
| client_mac = os.urandom(6) | |
| anonce = os.urandom(32) | |
| snonce = os.urandom(32) | |
| # Ensure locally administered bit is set | |
| ap_mac = bytes([ap_mac[0] | 0x02]) + ap_mac[1:] | |
| client_mac = bytes([client_mac[0] | 0x02]) + client_mac[1:] | |
| # Create simplified EAPOL frame | |
| eapol_frame = ( | |
| b'\x02\x03\x00\x5f\x02\x01\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00' + | |
| b'\x00' * 80 # Simplified frame data | |
| ) | |
| # Calculate MIC | |
| mic = hmac.new(pmk, eapol_frame, hashlib.sha1).digest()[:16] | |
| # Format: WPA*02*MAC_AP*MAC_STA*ESSID*ANONCE*SNONCE*EAPOL*MIC*message_pair*nonce_error_corrections***tag* | |
| ssid_hex = ssid.encode('utf-8').hex() | |
| return f"WPA*02*{ap_mac.hex()}*{client_mac.hex()}*{ssid_hex}*{anonce.hex()}*{snonce.hex()}*{eapol_frame.hex()}*{mic.hex()}*00*0***" | |
| def main(): | |
| parser = argparse.ArgumentParser(description='Generate hashcat 22000 WiFi hashes') | |
| parser.add_argument('ssid', nargs='?', help='WiFi network SSID') | |
| parser.add_argument('password', nargs='?', help='WiFi password') | |
| parser.add_argument('--ssid', dest='ssid_flag', help='WiFi network SSID') | |
| parser.add_argument('--password', dest='password_flag', help='WiFi password') | |
| parser.add_argument('--type', choices=['pmkid', 'handshake'], default='pmkid', | |
| help='Hash type to generate (default: pmkid)') | |
| parser.add_argument('--output', '-o', help='Output file to save hashes') | |
| args = parser.parse_args() | |
| # Get SSID and password from args | |
| ssid = args.ssid or args.ssid_flag | |
| password = args.password or args.password_flag | |
| if not ssid or not password: | |
| print("Error: Both SSID and password are required", file=sys.stderr) | |
| parser.print_help() | |
| sys.exit(1) | |
| try: | |
| if args.type == 'pmkid': | |
| hash_line = generate_pmkid_hash(ssid, password) | |
| else: | |
| hash_line = generate_handshake_hash(ssid, password) | |
| if args.output: | |
| with open(args.output, 'a') as f: | |
| f.write(hash_line + '\n') | |
| print(f"Hash saved to {args.output}") | |
| else: | |
| print(hash_line) | |
| except Exception as e: | |
| print(f"Error generating hash: {e}", file=sys.stderr) | |
| sys.exit(1) | |
| if __name__ == "__main__": | |
| main() |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Written as part of blog post: ISP Default WiFi Passwords Are Costlier to Keep Than to Crack (Value optimised Cloud GPU password cracking)