Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

jwt-cracker - Simple HS256 JWT Token Brute Force Cracker

$
0
0

Simple HS256 JWT token brute force cracker.
Effective only to crack JWT tokens with weak secrets.
Recommendation: Use strong long secrets or RS256 tokens.

Install
With npm:
npm install --global jwt-cracker

Usage
From command line:
jwt-cracker <token> [<alphabet>] [<maxLength>]
Where:
  • token: the full HS256 JWT token string to crack
  • alphabet: the alphabet to use for the brute force (default: "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789")
  • maxLength: the max length of the string generated during the brute force (default: 12)

Requirements
This script requires Node.js version 6.0.0 or higher

Example
Cracking the default jwt.io example:
jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" "abcdefghijklmnopqrstuwxyz" 6
It takes about 2 hours in a Macbook Pro (2.5GHz quad-core Intel Core i7).



Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>