Skip to content
Crack the shared secret of a HS256-signed JWT
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Added support for more algorithms Oct 16, 2019
requirements.txt Add PyJWT as requirement Aug 24, 2016

Crack a HS256, HS384 or HS512-signed JWT. You need PyJWT for these scripts:

pip install PyJWT JWT dictionary.txt

Try to verify the signature on the JWT using all words in dictionary.txt (one per line).

jwt2john JWT

Convert a JWT to a format John the Ripper can understand.

John the Ripper now supports the JWT format, so converting the token is no longer necessary. John has a size limit on the data it will take. If you run into this limit, consider changing SALT_LIMBS in the source code.

You can’t perform that action at this time.