Skip to content

H1d3r/jwt-cracker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

jwt-cracker

Simple HS256 JWT token brute force cracker.

Effective only to crack JWT tokens with weak secrets. Recommendation: Use strong long secrets or RS256 tokens.

Install

With npm:

npm install --global jwt-cracker

Usage

From command line:

jwt-cracker <token> [<alphabet>] [<maxLength>]

Where:

  • token: the full HS256 JWT token string to crack
  • alphabet: the alphabet to use for the brute force (default: "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789")
  • maxLength: the max length of the string generated during the brute force (default: 12)

Contributing

Everyone is very welcome to contribute to this project. You can contribute just by submitting bugs or suggesting improvements by opening an issue on GitHub.

License

Licensed under MIT License. © Luciano Mammino.

About

Simple HS256 JWT token brute force cracker

lmammino.github.io/jwt-cracker/

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages

  • JavaScript 100.0%