Native format of Hashcat password "recovery" utility.
A sample of file for testing can be downloaded from https://web.archive.org/web/20150220013635if_/http://hashcat.net:80/misc/example_hashes/hashcat.hccap
This page hosts a formal specification of Hashcat capture file (old version) using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
digraph {
rankdir=LR;
node [shape=plaintext];
subgraph cluster__hccap {
label="Hccap";
graph[style=dotted];
hccap__seq [label=<<TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0">
<TR><TD BGCOLOR="#E0FFE0">pos</TD><TD BGCOLOR="#E0FFE0">size</TD><TD BGCOLOR="#E0FFE0">type</TD><TD BGCOLOR="#E0FFE0">id</TD></TR>
<TR><TD PORT="records_pos">0</TD><TD PORT="records_size">392</TD><TD>HccapRecord</TD><TD PORT="records_type">records</TD></TR>
<TR><TD COLSPAN="4" PORT="records__repeat">repeat to end of stream</TD></TR>
</TABLE>>];
subgraph cluster__hccap_record {
label="Hccap::HccapRecord";
graph[style=dotted];
hccap_record__seq [label=<<TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0">
<TR><TD BGCOLOR="#E0FFE0">pos</TD><TD BGCOLOR="#E0FFE0">size</TD><TD BGCOLOR="#E0FFE0">type</TD><TD BGCOLOR="#E0FFE0">id</TD></TR>
<TR><TD PORT="essid_pos">0</TD><TD PORT="essid_size">36</TD><TD></TD><TD PORT="essid_type">essid</TD></TR>
<TR><TD PORT="mac_ap_pos">36</TD><TD PORT="mac_ap_size">6</TD><TD></TD><TD PORT="mac_ap_type">mac_ap</TD></TR>
<TR><TD PORT="mac_station_pos">42</TD><TD PORT="mac_station_size">6</TD><TD></TD><TD PORT="mac_station_type">mac_station</TD></TR>
<TR><TD PORT="nonce_station_pos">48</TD><TD PORT="nonce_station_size">32</TD><TD></TD><TD PORT="nonce_station_type">nonce_station</TD></TR>
<TR><TD PORT="nonce_ap_pos">80</TD><TD PORT="nonce_ap_size">32</TD><TD></TD><TD PORT="nonce_ap_type">nonce_ap</TD></TR>
<TR><TD PORT="eapol_buffer_pos">112</TD><TD PORT="eapol_buffer_size">256</TD><TD>EapolDummy</TD><TD PORT="eapol_buffer_type">eapol_buffer</TD></TR>
<TR><TD PORT="len_eapol_pos">368</TD><TD PORT="len_eapol_size">4</TD><TD>u4le</TD><TD PORT="len_eapol_type">len_eapol</TD></TR>
<TR><TD PORT="keyver_pos">372</TD><TD PORT="keyver_size">4</TD><TD>u4le</TD><TD PORT="keyver_type">keyver</TD></TR>
<TR><TD PORT="keymic_pos">376</TD><TD PORT="keymic_size">16</TD><TD></TD><TD PORT="keymic_type">keymic</TD></TR>
</TABLE>>];
hccap_record__inst__eapol [label=<<TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0">
<TR><TD BGCOLOR="#E0FFE0">pos</TD><TD BGCOLOR="#E0FFE0">size</TD><TD BGCOLOR="#E0FFE0">type</TD><TD BGCOLOR="#E0FFE0">id</TD></TR>
<TR><TD PORT="eapol_pos">0</TD><TD PORT="eapol_size">len_eapol</TD><TD></TD><TD PORT="eapol_type">eapol</TD></TR>
</TABLE>>];
}
subgraph cluster__eapol_dummy {
label="Hccap::EapolDummy";
graph[style=dotted];
eapol_dummy__seq [label=<<TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0">
<TR><TD BGCOLOR="#E0FFE0">pos</TD><TD BGCOLOR="#E0FFE0">size</TD><TD BGCOLOR="#E0FFE0">type</TD><TD BGCOLOR="#E0FFE0">id</TD></TR>
</TABLE>>];
}
}
hccap__seq:records_type -> hccap_record__seq [style=bold];
hccap_record__seq:eapol_buffer_type -> eapol_dummy__seq [style=bold];
hccap_record__seq:len_eapol_type -> hccap_record__inst__eapol:eapol_size [color="#404040"];
}