Crack the shared secret of a HS256-signed JWT
.gitignore
README.md
crackjwt.py Added support for more algorithms Oct 16, 2019
jwt2john.py
requirements.txt Add PyJWT as requirement Aug 24, 2016

README.md

Crack an HS256-, HS384- or HS512-signed JWT. You need PyJWT for these scripts:

pip install PyJWT

crackjwt.py

crackjwt.py JWT dictionary.txt

Try to verify the signature on the JWT using all words in dictionary.txt (one per line).
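The check described above, written as an added example for auditing a token your own service issued (this is not the repository's crackjwt.py, and it uses only the standard library instead of PyJWT). The names find_weak_secret and make_token, the sample claims and the wordlist are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# JWS "alg" values mapped to the hash used by HMAC (RFC 7518, section 3.2).
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url_decode(segment):
    """Decode an unpadded base64url segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def find_weak_secret(token, candidates):
    """Return the candidate that verifies the token's HMAC signature, or None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        alg = json.loads(b64url_decode(header_b64)).get("alg")
        signature = b64url_decode(sig_b64)
    except (ValueError, AttributeError):
        raise ValueError("not a compact-serialized JWT")
    if alg not in HASHES:
        raise ValueError("unsupported alg: %r" % alg)
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    for candidate in candidates:
        candidate = candidate.rstrip("\r\n")  # wordlists are one entry per line
        mac = hmac.new(candidate.encode("utf-8"), signing_input, HASHES[alg]).digest()
        if hmac.compare_digest(mac, signature):
            return candidate
    return None


def make_token(claims, secret, alg="HS256"):
    """Build a constructed sample token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), (header + "." + payload).encode(), HASHES[alg]).digest()
    return header + "." + payload + "." + b64url_encode(mac)


if __name__ == "__main__":
    words = ["password\n", "letmein\n", "secret\n"]  # constructed wordlist
    print(find_weak_secret(make_token({"sub": "demo"}, "secret"), words))
```

A non-None result means the signing secret appears in the wordlist and should be replaced with a randomly generated key.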

jwt2john

jwt2john.py JWT

Convert a JWT to a format John the Ripper can understand.

John the Ripper now supports the JWT format, so converting the token is no longer necessary. John has a size limit on the data it will take. If you run into this limit, consider changing SALT_LIMBS in the source code.
