{"id":15645807,"url":"https://github.com/lmammino/distributed-jwt-cracker","last_synced_at":"2025-03-15T18:10:52.488Z","repository":{"id":10992803,"uuid":"67932426","full_name":"lmammino/distributed-jwt-cracker","owner":"lmammino","description":"An experimental distributed JWT token cracker built using Node.js and ZeroMQ","archived":false,"fork":false,"pushed_at":"2024-09-07T08:08:05.000Z","size":396,"stargazers_count":55,"open_issues_count":14,"forks_count":9,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-28T07:56:03.792Z","etag":null,"topics":["article","brute-force","brute-force-attacks","bruteforce","cracker","cracking-jwt-tokens","distributed","distributed-systems","jwt","node","node-tutorial","nodejs","tutorial","zeromq"],"latest_commit_sha":null,"homepage":"https://lmammino.github.io/distributed-jwt-cracker/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lmammino.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-09-11T13:50:04.000Z","updated_at":"2025-02-26T09:31:06.000Z","dependencies_parsed_at":"2023-11-30T15:48:46.567Z","dependency_job_id":null,"html_url":"https://github.com/lmammino/distributed-jwt-cracker","commit_stats":{"total_commits":22,"total_committers":2,"mean_commits":11.0,"dds":"0.045454545454545414","last_synced_commit":"d21bd1e5e60958b0709383b081926a896641b088"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fdistributed-jwt-cracker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fdistributed-jwt-cracker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fdistributed-jwt-cracker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fdistributed-jwt-cracker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lmammino","download_url":"https://codeload.github.com/lmammino/distributed-jwt-cracker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243663586,"owners_count":20327306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["article","brute-force","brute-force-attacks","bruteforce","cracker","cracking-jwt-tokens","distributed","distributed-systems","jwt","node","node-tutorial","nodejs","tutorial","zeromq"],"created_at":"2024-10-03T12:09:55.144Z","updated_at":"2025-03-15T18:10:52.463Z","avatar_url":"https://github.com/lmammino.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# distributed-jwt-cracker\n\nAn experimental distributed JWT token cracker built using Node.js and ZeroMQ.\nIt can be used to discover the password (or \"secret\") of an unencrypted JWT token\nusing a **HS256** signature.\n\n[![npm download](https://img.shields.io/npm/dt/distributed-jwt-cracker.svg)](https://www.npmjs.com/package/distributed-jwt-cracker)\n[![npm version](https://badge.fury.io/js/distributed-jwt-cracker.svg)](http://badge.fury.io/js/distributed-jwt-cracker)\n[![Build Status](https://travis-ci.org/lmammino/distributed-jwt-cracker.svg?branch=master)](https://travis-ci.org/lmammino/distributed-jwt-cracker)\n[![codecov.io](https://codecov.io/gh/lmammino/distributed-jwt-cracker/coverage.svg?branch=master)](https://codecov.io/gh/lmammino/distributed-jwt-cracker)\n [![Rawsec's CyberSecurity Inventory](https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.rawsec.ml/tools.html#distributed-jwt-cracker)\n  [![GitHub stars](https://img.shields.io/github/stars/lmammino/distributed-jwt-cracker.svg)](https://github.com/lmammino/distributed-jwt-cracker/stargazers)\n [![GitHub license](https://img.shields.io/github/license/lmammino/distributed-jwt-cracker.svg)](https://github.com/lmammino/distributed-jwt-cracker/blob/master/LICENSE)\n\n\n## Install\n\nThrough NPM:\n\n```bash\nnpm i -g distributed-jwt-cracker\n```\n\nRequires [ZeroMq libraries](http://zeromq.org/intro:get-the-software) to be already installed in your machine.\n\n## Usage\n\n### Server\nTo start a new server:\n\n```bash\njwt-cracker-server \u003cjwtToken\u003e [options]\n```\n\nThe following options are available:\n\n| option | description | type | default |\n| --- | --- | --- | --- |\n| -p, --port | The port used to accept incoming connections | number | 9900 |\n| -P, --pubPort | The port used to publish signals to all the workers | number | 9901 |\n| -a, --alphabet | The alphabet used to generate the passwords | string | \"abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789\" |\n| -b, --batchSize | The number of attempts assigned to every client in a batch | number | 1000000 |\n| -s, --start | The index from where to start the search | number | 0 |\n\nExample, using the example [JWT.io](https://jwt.io) token over a simple alphabet:\n\n```bash\njwt-cracker-server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ -a=abcdefghijklmnopqrstuwxyz\n```\n\n### Client\n\nTo start a new client:\n\n```bash\njwt-cracker-client [options]\n```\n\nThe following options are available:\n\n| option | description | type | default |\n| --- | --- | --- | --- |\n| -h, --host | The hostname of the server | string | \"localhost\" |\n| -p, --port | The port used to connect to the batch server | number | 9900 |\n| -P, --pubPort | The port used to subscribe to broadcast signals (e.g. exit) | number | 9901 |\n\nExample:\n\n```bash\njwt-cracker-client --host=localhost --port=9900 --pubPort=9901\n```\n\n\n## The making of\n\nThis project has been thoroughly discussed in two articles published on RisingStack community blog:\n \n - [ZeroMQ \u0026 Node.js Tutorial - Cracking JWT Tokens (Part 1.)](https://community.risingstack.com/zeromq-node-js-cracking-jwt-tokens-1/)\n - [ZeroMQ \u0026 Node.js Tutorial - Cracking JWT Tokens (Part 2.)](https://community.risingstack.com/zeromq-node-js-cracking-jwt-tokens-part2/)\n \n[![ZeroMQ \u0026 Node.js Tutorial - Cracking JWT Tokens](https://blog-assets.risingstack.com/community/luciano/zeromq-nodejs-tutorial-cracking-jwt-tokens.png)](https://community.risingstack.com/zeromq-node-js-cracking-jwt-tokens-1/)\n\n\n## Contributing\n\nEveryone is very welcome to contribute to this project.\nYou can contribute just by submitting bugs or suggesting improvements by\n[opening an issue on GitHub](https://github.com/lmammino/distributed-jwt-cracker/issues).\n\n\n## License\n\nLicensed under [MIT License](LICENSE). © Luciano Mammino.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flmammino%2Fdistributed-jwt-cracker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flmammino%2Fdistributed-jwt-cracker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flmammino%2Fdistributed-jwt-cracker/lists"}