Need help with jwtcrack?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

Sjord
128 Stars 51 Forks GNU Affero General Public License v3.0 23 Commits 1 Opened issues

Description

Crack the shared secret of a HS256-signed JWT

Services available

!
?

Need anything else?

Contributors list

# 41,309
Perl
paypal
Bootstr...
sed
14 commits

Crack a HS256, HS384 or HS512-signed JWT. You need

PyJWT
for these scripts:
pip install PyJWT

crackjwt.py

crackjwt.py JWT dictionary.txt

Try to verify the signature on the JWT using all words in

dictionary.txt
(one per line).

jwt2john

jwt2john.py JWT

Convert a JWT to a format John the Ripper can understand.

John the Ripper now supports the JWT format, so converting the token is no longer necessary. John has a size limit on the data it will take. If you run into this limit, consider changing

SALT_LIMBS
in the source code.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.