https://github.com/wallarm/jwt-secrets
https://github.com/wallarm/jwt-secrets
Last synced: about 1 year ago
JSON representation
- Host: GitHub
- URL: https://github.com/wallarm/jwt-secrets
- Owner: wallarm
- License: mit
- Created: 2020-09-02T18:49:54.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2025-03-12T06:46:48.000Z (over 1 year ago)
- Last Synced: 2025-03-12T07:29:53.972Z (over 1 year ago)
- Size: 2.13 MB
- Stars: 815
- Watchers: 21
- Forks: 178
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# jwt-secrets
The goal for this project was to find as many public-available JWT secrets as possible to help developers and DevOpses identify it by traffic analysis at the Wallarm NGWAF level.
For now (10/02/2020) the list consists of 3502
We focused on Google search and GitHub dorks by using mainly two query patterns:
1. ```jwt example +TECHNOLOGY``` where the ```TECHNOLOGY``` is the language itself like PHP, Ruby, Rails, or framework like ExpressJS, Struts of Flask.
1. Google BigQuery search based on 3M GitHub projects
This repository is automatically connected with the JWT heartbreaker Burp extension (see: https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/)