Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lmammino/distributed-jwt-cracker
An experimental distributed JWT token cracker built using Node.js and ZeroMQ
- Host: GitHub
- URL: https://github.com/lmammino/distributed-jwt-cracker
- Owner: lmammino
- License: mit
- Created: 2016-09-11T13:50:04.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2024-09-07T08:08:05.000Z (28 days ago)
- Last Synced: 2024-09-07T09:25:27.950Z (28 days ago)
- Topics: article, brute-force, brute-force-attacks, bruteforce, cracker, cracking-jwt-tokens, distributed, distributed-systems, jwt, node, node-tutorial, nodejs, tutorial, zeromq
- Language: JavaScript
- Homepage: https://lmammino.github.io/distributed-jwt-cracker/
- Size: 387 KB
- Stars: 53
- Watchers: 3
- Forks: 9
- Open Issues: 14
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# distributed-jwt-cracker
An experimental distributed JWT token cracker built using Node.js and ZeroMQ.
It can be used to discover the password (or "secret") of an unencrypted JWT token
using a **HS256** signature.

[![npm download](https://img.shields.io/npm/dt/distributed-jwt-cracker.svg)](https://www.npmjs.com/package/distributed-jwt-cracker)
[![npm version](https://badge.fury.io/js/distributed-jwt-cracker.svg)](http://badge.fury.io/js/distributed-jwt-cracker)
[![Build Status](https://travis-ci.org/lmammino/distributed-jwt-cracker.svg?branch=master)](https://travis-ci.org/lmammino/distributed-jwt-cracker)
[![codecov.io](https://codecov.io/gh/lmammino/distributed-jwt-cracker/coverage.svg?branch=master)](https://codecov.io/gh/lmammino/distributed-jwt-cracker)
[![Rawsec's CyberSecurity Inventory](https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.rawsec.ml/tools.html#distributed-jwt-cracker)
[![GitHub stars](https://img.shields.io/github/stars/lmammino/distributed-jwt-cracker.svg)](https://github.com/lmammino/distributed-jwt-cracker/stargazers)
[![GitHub license](https://img.shields.io/github/license/lmammino/distributed-jwt-cracker.svg)](https://github.com/lmammino/distributed-jwt-cracker/blob/master/LICENSE)

## Install
Through NPM:
```bash
npm i -g distributed-jwt-cracker
```

Requires the [ZeroMQ libraries](http://zeromq.org/intro:get-the-software) to be already installed on your machine.
## Usage
### Server
To start a new server:

```bash
jwt-cracker-server [options]
```

The following options are available:

| option | description | type | default |
| --- | --- | --- | --- |
| -p, --port | The port used to accept incoming connections | number | 9900 |
| -P, --pubPort | The port used to publish signals to all the workers | number | 9901 |
| -a, --alphabet | The alphabet used to generate the passwords | string | "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789" |
| -b, --batchSize | The number of attempts assigned to every client in a batch | number | 1000000 |
| -s, --start | The index from where to start the search | number | 0 |

Example, using the example [JWT.io](https://jwt.io) token over a simple alphabet:
```bash
jwt-cracker-server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ -a=abcdefghijklmnopqrstuwxyz
```

### Client
To start a new client:
```bash
jwt-cracker-client [options]
```

The following options are available:

| option | description | type | default |
| --- | --- | --- | --- |
| -h, --host | The hostname of the server | string | "localhost" |
| -p, --port | The port used to connect to the batch server | number | 9900 |
| -P, --pubPort | The port used to subscribe to broadcast signals (e.g. exit) | number | 9901 |

Example:
```bash
jwt-cracker-client --host=localhost --port=9900 --pubPort=9901
```

## The making of
This project has been thoroughly discussed in two articles published on the RisingStack community blog:
- [ZeroMQ & Node.js Tutorial - Cracking JWT Tokens (Part 1.)](https://community.risingstack.com/zeromq-node-js-cracking-jwt-tokens-1/)
- [ZeroMQ & Node.js Tutorial - Cracking JWT Tokens (Part 2.)](https://community.risingstack.com/zeromq-node-js-cracking-jwt-tokens-part2/)
[![ZeroMQ & Node.js Tutorial - Cracking JWT Tokens](https://blog-assets.risingstack.com/community/luciano/zeromq-nodejs-tutorial-cracking-jwt-tokens.png)](https://community.risingstack.com/zeromq-node-js-cracking-jwt-tokens-1/)

## Contributing
Everyone is very welcome to contribute to this project.
You can contribute by reporting bugs or suggesting improvements by
[opening an issue on GitHub](https://github.com/lmammino/distributed-jwt-cracker/issues).

## License
Licensed under [MIT License](LICENSE). © Luciano Mammino.