Skip to content

Sjord/jwtcrack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
crackjwt.py
crackjwt.py
 
 
jwt2john.py
jwt2john.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Crack a HS256, HS384 or HS512-signed JWT. You need PyJWT and tqdm for these scripts:

pip install PyJWT tqdm

crackjwt.py

crackjwt.py JWT dictionary.txt

Try to verify the signature on the JWT using all words in dictionary.txt (one per line).

jwt2john

jwt2john.py JWT

Convert a JWT to a format John the Ripper can understand.

John the Ripper now supports the JWT format, so converting the token is no longer necessary. John has a size limit on the data it will take. If you run into this limit, consider changing SALT_LIMBS in the source code.

About

Crack the shared secret of a HS256-signed JWT

www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/

Topics

jwt agpl-v3

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

221 stars

Watchers

6 watching

Forks

74 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages