JWTRipper
A command-line tool for encoding, decoding and brute-forcing JSON Web Tokens (JWTs).
Installation
Step-01: Clone the GitHub repo and change into its folder.
git clone https://github.com/Virag007/JWTRipper.git && cd JWTRipper
Step-02: Install the required Python libraries.
pip install -r requirements.txt
or pip3 install -r requirements.txt
Step-03: View the usage
python3 JWTRipper.py --help
usage: use "JWTRipper.py --help" for more information

Title: JWTRipper - JWT Encoder, Decoder & Brute-forcer
Author: Parag Thakur (aka Virag)
Twitter Handle: @_virag007
Description: A command line tool for encoding, decoding and brute-forcing JSON Web Token(JWT).

optional arguments:
  -h, --help            show this help message and exit
  -d DECODE, --decode DECODE
                        Decode a JWT Token
  --brute               Enable brute-force mode
  -w WORDLIST, --wordlist WORDLIST
                        Specify a wordlist for brute-forcing
  --version             Shows the version information and exit
Step-04: Run the tool without arguments for the interactive menu.
python3 JWTRipper.py
It is a menu-driven program with three options; select whichever you need. The first encodes a JWT, the second decodes the header and payload fields of a JWT, and the third brute-forces the JWT's secret key. (Note: brute-forcing requires a wordlist file.)
Features
- Encode the JWT Token
- Decode the JWT Token
- Brute-force the JWT Token secret key
- Cross-platform support (Linux and Windows so far)
- Algorithms tested and supported: HS256, HS384, HS512
- One-liner command support for decoding and brute-forcing a JWT
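
Why the decode and brute-force features work, seen from the token issuer's side. This is an added example, not JWTRipper's code: the function names are hypothetical and the keys and claims are constructed samples. It shows that the header and payload can be read without the key, that verification should allow-list the algorithm and compare MACs in constant time, and that a key shorter than the hash output (the minimum RFC 7518 section 3.2 requires) is the kind a wordlist can recover.

```python
import base64, hashlib, hmac, json, secrets

# Hash function for each HMAC algorithm the feature list names.
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def decode_unverified(token: str):
    """Header and payload are only base64url-encoded: readable without the key."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def sign(payload: dict, key: bytes, alg: str = "HS256") -> str:
    header = {"alg": alg, "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    mac = hmac.new(key, signing_input.encode(), HASHES[alg]).digest()
    return signing_input + "." + b64url_encode(mac)

def verify(token: str, key: bytes, allowed=("HS256",)) -> dict:
    """Return the payload only if alg is allow-listed and the MAC matches."""
    header, payload = decode_unverified(token)
    alg = header.get("alg")
    if alg not in allowed or alg not in HASHES:
        raise ValueError("algorithm not allowed")
    signing_input, _, sig_b64 = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode(), HASHES[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return payload

def key_meets_rfc7518(alg: str, key: bytes) -> bool:
    """RFC 7518 s3.2: the HMAC key must be at least as long as the hash output."""
    return len(key) >= HASHES[alg]().digest_size

if __name__ == "__main__":
    weak, strong = b"secret", secrets.token_bytes(32)   # constructed sample keys
    token = sign({"sub": "alice", "admin": False}, strong)
    print(decode_unverified(token))                     # no key needed to read claims
    print(verify(token, strong))
    print(key_meets_rfc7518("HS256", weak), key_meets_rfc7518("HS256", strong))
```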
Contributions
Your feedback and contributions will be much appreciated.
Connect with me
Name: Parag (aka Virag)