
This project was created to brute-force JWT tokens and is written in Go. The author is not responsible for how the project is used. The main idea is to check the work of the security department, with an estimate of its reaction time. A second aim is to check how difficult it is to generate a token.


vns0/jwt-crack-goLang


jwt-crack-goLang

A JWT brute-forcer inspired by https://github.com/lmammino/jwt-cracker

It is really only effective against JWTs signed with weak secrets, and it only works with HMAC-SHA256 (HS256) signatures.

Usage

Usage of go-jwt-cracker:
  -alphabet string
        The alphabet to use for the brute (default "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
  -maxlen int
        The max length of the string generated during the brute (default 12)
  -prefix string
        A string that is always prefixed to the secret
  -suffix string
        A string that is always suffixed to the secret
  -token string
        The full HS256 jwt token to crack

Example

Cracking a token generated with jwt.io:

go run main.go -token "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik5pa2l0YSBWdG9ydXNoaW4iLCJpYXQiOjE1MTYyMzkwMjIsIm1haWwiOiJuLnZ0b3J1aGluQGluYm94LnJ1IiwidGciOiJAbmlraXRhdm9yeWV0In0.S7vayZVGwvivBhOJfspPkvNqIN8CuUYZmEaJ0gwSFg0" -alphabet "abcdefghijklmnopqrstuwxyz" -maxlen 6

Output

Parsed JWT:
- Algorithm: HS256
- Type: JWT
- Payload: {"sub":"1234567890","name":"Nikita Vtorushin","iat":1516239022,"mail":"[email protected]","tg":"@nikitavoryet"}
- Signature (hex): 4bbbdac99546c2f8af0613897eca4f92f36a20df02b94619984689d20c12160d

There are 254313150 combinations to attempt
Start cracking JWT secret...
Attempts: 100000
Attempts: 200000
Attempts: 300000
...
Attempts: 184500000
Attempts: 184600000
Attempts: 184700000
Found secret in 184776822 attempts: secret

Time spent

  • Intel Core i9-9900k @ 3.6GHz - around 1.5 minutes
  • Intel Core i5 @ 2.9GHz - around 4 minutes
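The defender's side of the run above, as an added Go example that is not part of this repository: it reproduces the combination count the tool prints for a 25-character alphabet and `-maxlen 6`, then issues and checks HS256 signatures with a random 32-byte key (the minimum RFC 7518 requires for HS256), refusing anything shorter. The function names `Keyspace`, `NewSecret`, `Sign` and `Verify` are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
)

// Keyspace counts candidate secrets of length 1..maxLen over n symbols.
func Keyspace(n, maxLen int) *big.Int {
	total, term := new(big.Int), big.NewInt(1)
	for i := 0; i < maxLen; i++ {
		term.Mul(term, big.NewInt(int64(n)))
		total.Add(total, term)
	}
	return total
}

// NewSecret draws 32 bytes from the OS CSPRNG (RFC 7518 minimum for HS256).
func NewSecret() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Sign returns the base64url HMAC-SHA256 of the "header.payload" input.
func Sign(signingInput string, key []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Verify always computes HS256 (the header's alg is never trusted), rejects
// keys under 256 bits, and compares signatures in constant time.
func Verify(token string, key []byte) bool {
	i := strings.LastIndex(token, ".")
	if len(key) < 32 || i < 0 {
		return false
	}
	return hmac.Equal([]byte(token[i+1:]), []byte(Sign(token[:i], key)))
}

func main() {
	// Search space of the README run vs. secrets of up to 32 random bytes.
	fmt.Println(Keyspace(25, 6), "vs", Keyspace(256, 32))
}
```
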

author:

Name:          Nikita
Company:       SmartWorld
Position:      TeamLead
Mail:          [email protected]
TG:            @nikitavoryet
Year of birth: 1999
FullStack:     JS/GO
