https://github.com/hemantsonu20/jwt-cracker
A multi-threaded jwt cracker via brute force approach
https://github.com/hemantsonu20/jwt-cracker
java java-8 jwt jwt-cracker jwt-token maven sonar spring-boot travis-ci
Last synced: about 1 year ago
JSON representation
A multi-threaded jwt cracker via brute force approach
- Host: GitHub
- URL: https://github.com/hemantsonu20/jwt-cracker
- Owner: hemantsonu20
- License: apache-2.0
- Created: 2017-01-23T16:18:15.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-03-06T13:56:58.000Z (over 3 years ago)
- Last Synced: 2025-03-25T05:09:27.995Z (over 1 year ago)
- Topics: java, java-8, jwt, jwt-cracker, jwt-token, maven, sonar, spring-boot, travis-ci
- Language: Java
- Homepage:
- Size: 13.6 MB
- Stars: 1
- Watchers: 1
- Forks: 7
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://travis-ci.com/hemantsonu20/jwt-cracker)
[](https://sonarcloud.io/dashboard?id=com.github.hemantsonu20%3Ajwt-cracker)
[](https://sonarcloud.io/dashboard?id=com.github.hemantsonu20%3Ajwt-cracker)
[](https://sonarcloud.io/dashboard?id=com.github.hemantsonu20%3Ajwt-cracker)
[](https://sonarcloud.io/dashboard?id=com.github.hemantsonu20%3Ajwt-cracker)
[](https://sonarcloud.io/dashboard?id=com.github.hemantsonu20%3Ajwt-cracker)
[](https://sonarcloud.io/dashboard?id=com.github.hemantsonu20%3Ajwt-cracker)
# jwt-cracker
A multi-threaded JWT cracker via brute force approach.
## JAVA-DOCS
Java-docs for this project is checked in [docs](/docs/apidocs) folder.
After every successful commit on master branch, it is automatically updated via CI. Here is the [link](https://hemantsonu20.github.io/jwt-cracker/apidocs/).
## USAGE
Downlaod the project and run mvn clean package. A jar will be created in your {projectdir}/target directory.
Or you can get updated jar from the [releases](https://github.com/hemantsonu20/jwt-cracker/releases) section.
## Command Line Options
| Flags | Descriptions | Required | Default |
| --------------------- |------------- | ----- | -------- |
| "-t", "--token" | jwt token to be cracked | true | No Default |
| "-mt", "--max-threads" | max no of threads to be used | false | 20 |
| "-l", "--length" | max possible length of the jwt secret key | true | 10 |
| "-c", "--chars" | charset to be included combination of a-z, A-Z and 0-9 only | true | a-zA-Z0-9 |
## Examples
1. java -jar target/jwt-cracker-0.0.1-SNAPSHOT.jar -c a-z -t eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwianRpIjoiZTczMWJhZWYtNzA5MS00YTMxLWJjOWUtOWI5NWY3ZWZkOGY5IiwiaWF0IjoxNDg1MzMwMTk5LCJleHAiOjE0ODUzMzM3OTl9.t-pea7zd3MRfPI2M8hRKFum-4RY0l4xqbCUIyh8kiAc
**Output**
password cracked: [powers]
total time taken [hh::mm:ss:SSS] 0:11:38.600
2. java -jar target/jwt-cracker-0.0.1-SNAPSHOT.jar -c a-z -t eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwianRpIjoiNzM4YmY5N2YtMzZiZi00MGViLWEwNzAtYWIyNjU2ODBkYzI2IiwiaWF0IjoxNDg1MzI5ODQ2LCJleHAiOjE0ODUzMzM0NDZ9.nbvi9BQJHbfPxAzGZHO6YbfKqAxrCjedJPPVnD0_QLY
**Output**
password cracked: [power]
total time taken [hh::mm:ss:SSS] 0:00:26.349
3. java -jar target/jwt-cracker-0.0.1-SNAPSHOT.jar -c a-z0-9 -t eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwianRpIjoiN2JiODdjOGItMzJiMS00NTk3LWFlMGYtMmI1MWY3MTQ1YjNlIiwiaWF0IjoxNDg1MzM2NTkzLCJleHAiOjE0ODUzNDAxOTN9.sxua3rDJcSH0cKWu5F6v0Xq__1DZ5HdjcnRfwWqnEpA
**Output**
password cracked: [new123]
total time taken [hh::mm:ss:SSS] 0:20:52.520
4. java -jar target/jwt-cracker-0.0.1-SNAPSHOT.jar -c a-z0-9 -t eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwianRpIjoiN2JiODdjOGItMzJiMS00NTk3LWFlMGYtMmI1MWY3MTQ1YjNlIiwiaWF0IjoxNDg1MzM2NTkzLCJleHAiOjE0ODUzNDAxOTN9.sxua3rDJcSH0cKWu5F6v0Xq__1DZ5HdjcnRfwWqnEpA -mt 50
**Output**
password cracked: [new123]
total time taken [hh::mm:ss:SSS] 0:38:19.124
5. java -jar target/jwt-cracker-0.0.1-SNAPSHOT.jar -c a-z0-9 -t eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwianRpIjoiN2JiODdjOGItMzJiMS00NTk3LWFlMGYtMmI1MWY3MTQ1YjNlIiwiaWF0IjoxNDg1MzM2NTkzLCJleHAiOjE0ODUzNDAxOTN9.sxua3rDJcSH0cKWu5F6v0Xq__1DZ5HdjcnRfwWqnEpA -mt 4
**Output**
password cracked: [new123]
total time taken [hh::mm:ss:SSS] 1:01:22.845
## Note
* Its not always beneficial to use more thread for better performance.
* See example 3 (20 thread), example 4 (50 thread) and example 5 (4 thread). More threads may add overhead of context switch to the system resulting in performance degradation.
* All above tests were executed on my system with Intel i5 @3.20GHz 2 physical core, 8 GB RAM.