Skip to content

wallarm/jwt-secrets

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

@SemenchenkoA
SemenchenkoA Merge pull request #16 from alekberxh/alekberxh
98ff304 Dec 4, 2023
Merge pull request #16 from alekberxh/alekberxh 
Added new JWT Secrets
98ff304

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
LICENSE
Initial commit
September 2, 2020 11:49
README.md
Added new JWT Secrets
May 3, 2023 08:17
jwt.secrets.list
Added new JWT Secrets
December 3, 2023 17:13

README.md

jwt-secrets

The goal for this project was to find as many public-available JWT secrets as possible to help developers and DevOpses identify it by traffic analysis at the Wallarm NGWAF level.

For now (10/02/2020) the list consists of 3502

We focused on Google search and GitHub dorks by using mainly two query patterns:

  1. jwt example +TECHNOLOGY where the TECHNOLOGY is the language itself like PHP, Ruby, Rails, or framework like ExpressJS, Struts of Flask.
  2. Google BigQuery search based on 3M GitHub projects

This repository is automatically connected with the JWT heartbreaker Burp extension (see: https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/)

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

502 stars

Watchers

16 watching

Forks

147 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6