{"id":13540250,"url":"https://github.com/lmammino/jwt-cracker","last_synced_at":"2025-04-11T11:48:56.524Z","repository":{"id":43040760,"uuid":"66794377","full_name":"lmammino/jwt-cracker","owner":"lmammino","description":"Simple HS256, HS384 \u0026 HS512 JWT token brute force cracker.","archived":false,"fork":false,"pushed_at":"2024-07-13T23:31:35.000Z","size":378,"stargazers_count":1096,"open_issues_count":12,"forks_count":163,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-03T14:08:38.130Z","etag":null,"topics":["alphabet","brute-force","brute-force-attacks","bruteforce","command","command-line","cracker","javascript","jwt","jwt-cracker","nodejs","secrets","security"],"latest_commit_sha":null,"homepage":"https://lmammino.github.io/jwt-cracker/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lmammino.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-08-28T22:39:52.000Z","updated_at":"2025-04-03T12:18:25.000Z","dependencies_parsed_at":"2023-02-14T06:30:45.592Z","dependency_job_id":"6fd9cde8-bcce-412e-8472-9bec5f7ff475","html_url":"https://github.com/lmammino/jwt-cracker","commit_stats":{"total_commits":29,"total_committers":8,"mean_commits":3.625,"dds":"0.31034482758620685","last_synced_commit":"859dc4e465785a98d0f28abd73d917d5c86a443b"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fjwt-cracker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fjwt-cracker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fjwt-cracker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lmammino%2Fjwt-cracker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lmammino","download_url":"https://codeload.github.com/lmammino/jwt-cracker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248388907,"owners_count":21095479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alphabet","brute-force","brute-force-attacks","bruteforce","command","command-line","cracker","javascript","jwt","jwt-cracker","nodejs","secrets","security"],"created_at":"2024-08-01T09:01:43.527Z","updated_at":"2025-04-11T11:48:56.501Z","avatar_url":"https://github.com/lmammino.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","Hash Cracking Tools","Miscellaneous","Weapons","Tools","\u003ca id=\"73c3c9225523cbb05333246f23342846\"\u003e\u003c/a\u003e工具"],"sub_categories":["Zealandia","JSON Web Token","Docker Containers of Penetration Testing Distributions and Tools","Tools","Hash Cracking Tools","\u003ca id=\"53084c21ff85ffad3dd9ce445684978b\"\u003e\u003c/a\u003e未分类的","Forensics"],"readme":" ![npm](https://img.shields.io/npm/dt/jwt-cracker.svg)\n [![npm](https://img.shields.io/npm/v/jwt-cracker.svg)](https://www.npmjs.com/package/jwt-cracker)\n [![Rawsec's CyberSecurity Inventory](https://inventory.raw.pm/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.raw.pm/tools.html#jwt-cracker)\n [![GitHub stars](https://img.shields.io/github/stars/lmammino/jwt-cracker.svg)](https://github.com/lmammino/jwt-cracker/stargazers)\n [![GitHub license](https://img.shields.io/github/license/lmammino/jwt-cracker.svg)](https://github.com/lmammino/jwt-cracker/blob/main/LICENSE)\n\n# jwt-cracker\n\nSimple HS256, HS384 \u0026 HS512 JWT token brute force cracker.\n\nEffective only to crack JWT tokens with weak secrets.\n**Recommendation**: Use strong long secrets or RS256 tokens.\n\n\n## Install\n\nWith npm:\n\n```bash\nnpm install --global jwt-cracker\n```\n\n\n## Usage\n\nFrom command line:\n\n```bash\njwt-cracker -t \u003ctoken\u003e [-a \u003calphabet\u003e] [--max \u003cmaxLength\u003e] [-d \u003cdictionaryFilePath\u003e] [-f]\n```\n\nWhere:\n\n* **token**: the full HS256-512 JWT token string to crack\n* **alphabet**: the alphabet to use for the brute force (default: \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\")\n* **maxLength**: the max length of the string generated during the brute force (default: 12)\n* **dictionaryFilePath**: path to a list of passwords (one per line) to use instead of brute force\n* **force**: force script to execute when the token isn't valid\n\n## Requirements\n\nThis script requires Node.js version 16.0.0 or higher\n\n## Example\n\nCracking the default [jwt.io example](https://jwt.io):\n\n```bash\njwt-cracker -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ -a abcdefghijklmnopqrstuwxyz --max 6\n```\n\nIt takes about 2 hours in a Macbook Pro (2.5GHz quad-core Intel Core i7).\n\nOr using a list of passwords taken from https://github.com/danielmiessler/SecLists\n\n```bash\njwt-cracker -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ -d darkweb2017-top10000.txt\n```\n\nIt takes less than a second.\n\n## Contributing\n\nEveryone is very welcome to contribute to this project.\nYou can contribute just by submitting bugs or suggesting improvements by\n[opening an issue on GitHub](https://github.com/lmammino/jwt-cracker/issues).\n\n\n## License\n\nLicensed under [MIT License](LICENSE). © Luciano Mammino.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flmammino%2Fjwt-cracker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flmammino%2Fjwt-cracker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flmammino%2Fjwt-cracker/lists"}