JWT-Hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce). Installation go-get(dev version) $ go get -u github.com/hahwul/jwt-hack homebrew $ brew tap hahwul/jwt-hack $ brew install jwt-hack snapcraft $ sudo snap install jwt-hack Usage d8p 8d8 d88 888888888 888 888 ,8b. doooooo …
Tag Archives: JSON
Token Breaker : JSON RSA To HMAC & None Algorithm Vulnerability POC
Token Breaker is focused on 2 particular vulnerability related to JWT tokens. None Algorithm RSAtoHMAC Refer to this link about insights of the vulnerability and how an attacker can forge the tokens Try out this vulnerability here TheNone Usage Usage: TheNone.py [-h] -t TOKENTokenBreaker: 1.TheNoneAlgorithmOptional Arguments:-h, –help show this help message and exitRequired Arguments:-t TOKEN, …
Continue reading “Token Breaker : JSON RSA To HMAC & None Algorithm Vulnerability POC”
JWT Tool : A Toolkit For Testing, Tweaking & Cracking JSON Web Tokens
JWT Tool(jwt_tool.py) is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for the alg=None signature-bypass vulnerability Testing the validity of a secret/key/key file Identifying weak keys via a High-speed Dictionary Attack Forging new token …
Continue reading “JWT Tool : A Toolkit For Testing, Tweaking & Cracking JSON Web Tokens”