https://github.com/sjord/jwtcrack
Crack the shared secret of a HS256-signed JWT
- Host: GitHub
- URL: https://github.com/sjord/jwtcrack
- Owner: Sjord
- License: agpl-3.0
- Created: 2016-08-24T12:29:46.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2023-11-03T15:45:59.000Z (over 1 year ago)
- Last Synced: 2025-03-31T11:02:49.766Z (3 months ago)
- Topics: agpl-v3, jwt
- Language: Python
- Homepage: https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/
- Size: 22.5 KB
- Stars: 240
- Watchers: 5
- Forks: 72
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
Crack an HS256-, HS384- or HS512-signed JWT. You need `PyJWT` and `tqdm` for these scripts:

```
pip install PyJWT tqdm
```
## crackjwt.py

```
crackjwt.py JWT dictionary.txt
```

Try to verify the signature on the JWT using each word in `dictionary.txt` (one per line) as the shared secret.
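The check crackjwt.py performs, written out as an added stand-alone example (not the project's code) so the HMAC step is visible: the header and payload are re-signed with each candidate secret and compared against the token's signature. It uses only the standard library and a constructed token plus a constructed wordlist, so it runs offline; the same loop doubles as a pre-deployment audit that a configured secret is not a dictionary word.

```python
import base64
import hashlib
import hmac
import json

# Algorithms the page covers, mapped to the hash each HMAC uses.
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(payload: dict, secret: str, alg: str = "HS256") -> str:
    """Build an HMAC-signed JWT; used here only to construct sample input."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode("ascii")
    sig = hmac.new(secret.encode(), signing_input, HASHES[alg]).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def find_secret(token: str, candidates):
    """Return the first candidate that verifies the token's signature, else None."""
    header_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64))["alg"]
    if alg not in HASHES:
        raise ValueError(f"not an HMAC-signed token: {alg}")
    signing_input = f"{header_b64}.{body_b64}".encode("ascii")
    expected = b64url_decode(sig_b64)
    for secret in candidates:
        sig = hmac.new(secret.encode(), signing_input, HASHES[alg]).digest()
        if hmac.compare_digest(sig, expected):
            return secret
    return None


if __name__ == "__main__":
    # Constructed wordlist standing in for dictionary.txt.
    wordlist = ["password", "changeme", "secret", "hunter2"]
    token = make_token({"sub": "alice", "admin": True}, "secret")
    print(find_secret(token, wordlist))  # secret
```

A `None` result only means the secret is not in the list tried; a secret of adequate length and entropy is the actual mitigation.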
## jwt2john.py

```
jwt2john.py JWT
```
Convert a JWT to a format John the Ripper can understand.
[John the Ripper](https://github.com/magnumripper/JohnTheRipper) now supports the JWT format natively, so converting the token is no longer necessary. John has a size limit on the token data it will accept. If you run into this limit, consider changing [`SALT_LIMBS` in the source code](https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/src/hmacSHA256_fmt_plug.c#L64).