jwt-secret
v1.1.1
Published
Bruteforce a JWT against a list of passwords
Downloads
29
Maintainers
Readme
jwt-secret
Bruteforce a JWT against a list of passwords
Your JWT is only as secure as the secret used to sign it. Test a JWT against any arbitrary list of secrets.
Install
Ensure you have Node.js version 4+ installed. Then run the following:
$ npm install --global jwt-secret
Usage
$ jwt-secret --help
Usage
$ jwt-secret <token>
--file Read secrets from file path
--stdin Read secrets from stdin
Examples
$ jwt-secret --file ./passwords.txt eyJhbGciOiJIUzI1...
$ curl -sL https://git.io/vP5n1 | jwt-secret --stdin eyJhbGciOiJIUzI1...
Secrets
Secrets must be newline separated. Try using a list from SecLists.
Example:
123456
password
12345678
qwerty
123456789
12345
1234
111111
1234567
dragon
License
MIT © Tim Hudson