Awesome
Crack a HS256, HS384 or HS512-signed JWT. You need PyJWT
and tqdm
for these scripts:
pip install PyJWT tqdm
crackjwt.py
crackjwt.py JWT dictionary.txt
Try to verify the signature on the JWT using all words in dictionary.txt
(one per line).
jwt2john
jwt2john.py JWT
Convert a JWT to a format John the Ripper can understand.
John the Ripper now supports the JWT format, so converting the token is no longer necessary. John has a size limit on the data it will take. If you run into this limit, consider changing SALT_LIMBS
in the source code.