Skip to content

ivan-sincek/jwt-bf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

src

src

 
 

.gitattributes

.gitattributes

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

JWT BF

Brute force a JWT token. Script uses multithreading.

Tested on Kali Linux v2023.4 (64-bit).

Made for educational purposes. I hope it will help!

How to Run

Open your preferred console from /src/ and run the commands shown below.

Install required packages:

pip3 install -r requirements.txt

Run the script:

python3 jwt_bf.py

Usage

JWT BF v2.2 ( github.com/ivan-sincek/jwt-bf )

Usage:   python3 jwt_bf.py -w wordlist    -t token       [-th threads]
Example: python3 jwt_bf.py -w secrets.txt -t xxx.yyy.zzz [-th 50     ]

DESCRIPTION
    Brute force a JWT token
WORDLIST
    Wordlist to use
    Spacing will be stripped, empty lines ignored, and duplicates removed
    -w <wordlist> - secrets.txt | etc.
TOKEN
    JWT token to crack
    -t <token> - xxx.yyy.zzz | etc.
THREADS
    Number of parallel threads to run
    Wordlist will be split equally between threads
    Default: 10
    -th <threads> - 50 | etc.

About

Brute force a JWT token. Script uses multithreading.

Topics

python security jwt web penetration-testing brute-force bug-bounty cracking dictionary-attack offensive-security ethical-hacking web-penetration-testing red-team-engagement

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 1

v2.2 Latest
Dec 24, 2023

Languages