Virag007/JWTRipper

A command line tool for encoding, decoding and brute-forcing JSON Web Token (JWT).

JWTRipper

A command line tool for encoding, decoding and brute-forcing JSON Web Token(JWT). Learn more about JWT

Demo

Installation

Step-01: Clone the github repo and traverse to the mentioned folder.
git clone https://github.com/Virag007/JWTRipper.git && cd JWTRipper

Step-02: Install the required python library to smoothly run the tool.
pip install -r requirements.txt or pip3 install -r requirements.txt

Step-03: View the usage

python3 JWTRipper --help

usage: use "JWTRipper.py --help" for more information

Title: JWTRipper - JWT Encoder, Decoder & Brute-forcer
Author: Parag Thakur (aka Virag)
Twitter Handle: @_virag007
Description: A command line tool for encoding, decoding and brute-forcing JSON Web Token(JWT).

optional arguments:
  -h, --help            show this help message and exit
  -d DECODE, --decode DECODE
                        Decode a JWT Token
  --brute               Enable brute-force mode
  -w WORDLIST, --wordlist WORDLIST
                        Specify a wordlist for brute-forcing
  --version             Shows the version information and exit

Step-04: python3 JWTRipper
It is a menu driven program in which you are given three menus and depending upon the requirement you may select either of them. First will encode a JWT Token for you, second will decode header and payload fields of JWT Token for you and last will brute-force the secret key of JWT Token. (Note: For brute-forcing you must provide a wordlist file.)

Platform Supported

Features

1. Encode the JWT Token
2. Decode the JWT Token
3. Brute-force the JWT Token secret key
4. Added cross-platform support (Linux and Windows till)
5. Algorithm tested and support(HS256, HS384, HS512)
6. Added support one-liner command for decoding and brute-forcing JWT Token.

Contributions

Your feedback and contributions will be much appreciated. 🍻🍻

Connect with me

Name: Parag (aka Virag)

Social Handles: