Skip to content

Latest commit

 

History

History
55 lines (38 loc) · 1.04 KB

README.md

File metadata and controls

55 lines (38 loc) · 1.04 KB
Raw

jwt-secret Build Status

Bruteforce a JWT against a list of passwords

Your JWT is only as secure as the secret used to sign it. Test a JWT against any arbitrary list of secrets.

Install

Ensure you have Node.js version 4+ installed. Then run the following:

$ npm install --global jwt-secret

Usage

$ jwt-secret --help

  Usage
    $ jwt-secret <token>

    --file   Read secrets from file path
    --stdin  Read secrets from stdin

  Examples
    $ jwt-secret --file ./passwords.txt eyJhbGciOiJIUzI1...
    $ curl -sL https://git.io/vP5n1 | jwt-secret --stdin eyJhbGciOiJIUzI1...

Secrets

Secrets must be newline separated. Try using a list from SecLists.

Example:

123456
password
12345678
qwerty
123456789
12345
1234
111111
1234567
dragon

License

MIT © Tim Hudson