Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ivan-sincek/jwt-bf

Brute force a JWT token. Script uses multithreading.
https://github.com/ivan-sincek/jwt-bf

brute-force bug-bounty cracking dictionary-attack ethical-hacking jwt offensive-security penetration-testing python red-team-engagement security web web-penetration-testing

Last synced: about 1 month ago
JSON representation

Brute force a JWT token. Script uses multithreading.

Awesome Lists containing this project

README 

        
# JWT BF



Brute force a JWT token. Script uses multithreading.



Tested on Kali Linux v2023.4 (64-bit).



Made for educational purposes. I hope it will help!



## How to Run



Open your preferred console from [/src/](https://github.com/ivan-sincek/jwt-bf/tree/main/src) and run the commands shown below.



Install required packages:



```fundamental

pip3 install -r requirements.txt

```



Run the script:



```fundamental

python3 jwt_bf.py

```



## Usage



```fundamental

JWT BF v2.2 ( github.com/ivan-sincek/jwt-bf )



Usage:   python3 jwt_bf.py -w wordlist    -t token       [-th threads]

Example: python3 jwt_bf.py -w secrets.txt -t xxx.yyy.zzz [-th 50     ]



DESCRIPTION

    Brute force a JWT token

WORDLIST

    Wordlist to use

    Spacing will be stripped, empty lines ignored, and duplicates removed

    -w  - secrets.txt | etc.

TOKEN

    JWT token to crack

    -t  - xxx.yyy.zzz | etc.

THREADS

    Number of parallel threads to run

    Wordlist will be split equally between threads

    Default: 10

    -th  - 50 | etc.

```