jwt-hack: a tool for hacking/security testing of JWT
jwt-hack
jwt-hack is a tool for hacking/security testing of JWT. It supports encoding and decoding JWTs, generating payloads for JWT attacks, and very fast cracking (dictionary/brute force).
Use
Encode mode (JSON to JWT)
▶ jwt-hack encode '{"json":"format"}' --secret={YOUR_SECRET}
Decode mode (JWT to JSON)
▶ jwt-hack decode {JWT_CODE}
Crack mode (dictionary attack / brute force)
▶ jwt-hack crack -w {WORDLIST} {JWT_CODE}
Payload mode (alg none attack, etc.)
▶ jwt-hack payload {JWT_CODE}
Options for jku and x5u (what are they? Read this slide):
- --jwk-attack : An attack payload domain for jku & x5u (e.g. hahwul.com)
- --jwk-protocol : jku & x5u protocol (http/https) (default "https")
- --jwk-trust : A trusted domain for jku & x5u (e.g. google.com)
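The payload mode above targets verifiers that accept alg none or fetch keys from an attacker-supplied jku/x5u URL. As an added example (not part of jwt-hack or its README), this is a header check a verifier can run before any signature validation. The allowlists, the host keys.example.com and all function names are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumption: the only algorithm and key-URL host this service accepts.
ALLOWED_ALGS = {"RS256"}
TRUSTED_KEY_HOSTS = {"keys.example.com"}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_header(token: str) -> list[str]:
    """Return the reasons to reject the token before any signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWS"]
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:
        return ["header is not base64url-encoded JSON"]
    if not isinstance(header, dict):
        return ["header is not a JSON object"]
    problems = []
    alg = header.get("alg")
    # Exact, case-sensitive allowlist: "none", "None" and "NONE" all fail.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        problems.append(f"alg {alg!r} not allowed")
    if not parts[2]:
        problems.append("empty signature")
    for name in ("jku", "x5u"):
        if name not in header:
            continue
        try:
            # Compare the parsed hostname exactly; substring or prefix checks
            # accept a trusted name embedded in another host or in the path.
            url = urlsplit(str(header[name]))
            ok = url.scheme == "https" and url.hostname in TRUSTED_KEY_HOSTS
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"{name} {header[name]!r} not on the key-host allowlist")
    return problems

def make_token(header: dict, signature: str = "c2ln") -> str:
    """Build a constructed sample token (the signature is a placeholder)."""
    body = b64url_encode(json.dumps({"sub": "demo"}).encode())
    return f"{b64url_encode(json.dumps(header).encode())}.{body}.{signature}"
```

A token that passes this check still needs its signature verified with a key the service itself selected.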
Download
Copyright (c) 2020 HAHWUL