jwtear v1.0.6 releases: parse, create and manipulate JWT tokens for hackers

Jwtear

A modular Command-line tool to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes.

Features

• Complete modularity.
  • All commands are plugins.
  • Easy to add new plugins.
  • Support JWS and JWE tokens.
• Easy interface for plugins. (follow the template example)

Available plugins

• Parse: parses jwt tokens.
• jws: manipulate and generate JWS tokens.
• jwe: manipulate and generate JWE tokens.
• bruteforce: brutefocing JWS signing key
• wiki: contains information about JWT, attacks ideas, references.

Install

$ gem install jwtear

Use

• Use a plugin

plugins are defined as subcommands. Each subcommand may have one or more arguments and/or switches.

$ jwtear parse -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.J8SS8VKlI2yV47C4BtfYukWPx_2welF34Mz7l-MNmkE

$ jwtear jws -h '{"alg":"HS256","typ":"JWT"}' -p '{"user":"admin"}' -k p@ss0rd123

$ jwtear bruteforce -t eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjpudWxsfQ.Tr0VvdP6rVBGBGuI_luxGCOaz6BbhC6IxRTlKOW8UjM -l ~/tmp/pass.list -v

Tutorial

Copyright (C) 2019 KINGSABRI