Skip to content

Sjord/jwtcrack

master
Switch branches/tags
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

Crack a HS256, HS384 or HS512-signed JWT. You need PyJWT and tqdm for these scripts:

pip install PyJWT tqdm

crackjwt.py

crackjwt.py JWT dictionary.txt

Try to verify the signature on the JWT using all words in dictionary.txt (one per line).

jwt2john

jwt2john.py JWT

Convert a JWT to a format John the Ripper can understand.

John the Ripper now supports the JWT format, so converting the token is no longer necessary. John has a size limit on the data it will take. If you run into this limit, consider changing SALT_LIMBS in the source code.