#!/usr/bin/python
# (C)2018 Netscylla
# License GNU GPL v3.0
import math
import concurrent.futures
import multiprocessing
import jwt
from termcolor import colored
import argparse
def try_secrets(secrets):
    """Return the first candidate in *secrets* that verifies ``encoded``, else None.

    Runs inside a worker process.  ``encoded`` (the token under test) and
    ``algorithm`` are module globals assigned by the ``__main__`` block, not
    parameters, so the function only works once those have been set.

    Each attempt is an offline signature check against a captured token,
    which is exactly why an HS* token signed with a short or dictionary-word
    secret is recoverable; a long random key, or an asymmetric algorithm,
    is the mitigation on the issuing side.
    """
    for secret in secrets:
        try:
            # The CLI algorithm string is passed as the third positional
            # argument.  NOTE(review): which parameter that position maps to
            # differs between PyJWT releases -- confirm against the installed
            # version before relying on the algorithm restriction.
            jwt.decode(encoded, secret, algorithm)
            return secret
        except jwt.InvalidTokenError:
            # InvalidTokenError is PyJWT's base exception, so any decode or
            # verification failure is counted as a miss, not only a bad
            # signature.  NOTE(review): confirm that is the intended contract.
            pass
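def partition(items, count):
    """Split *items* into consecutive slices of at most *count* elements.

    Args:
        items: any sliceable sequence (list, tuple, str, ...).
        count: maximum length of each slice; must be at least 1.

    Returns:
        A list of the slices in order; the last one may be shorter.  An
        empty *items* gives an empty list.

    Raises:
        ValueError: if *count* is less than 1.  ``range()`` already rejected
            0 with an opaque message; a negative *count* used to return an
            empty list silently, dropping every item, so it now fails loudly.
    """
    if count < 1:
        raise ValueError("count must be at least 1, got %r" % (count,))
    # range() stops at len(items), so the final slice is simply whatever is
    # left; slicing never raises even when i + count runs past the end.
    return [items[i:i + count] for i in range(0, len(items), count)]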
if __name__ == '__main__':
    # Entry point: parse the CLI, read the wordlist into memory, and hand
    # contiguous chunks of candidate secrets to a pool of worker processes
    # that each run try_secrets.
    parser = argparse.ArgumentParser(description="""
=========================
JWTCrack
(c)2018 Netscylla
=========================
Disclaimer: This program is free to use at your own risk!
More details on the disclaimer and license available here: https://github.com/netscylla/JWT_Hacking""",
                                     formatter_class=argparse.ArgumentDefaultsHelpFormatter)
    parser.add_argument('encoded_jwt',
                        help='Base64 Encoded JWT String')
    parser.add_argument('wordlist',
                        help='Dictionary wordlist file used to bruteforce the JWT')
    # Only the HMAC family is offered; the choice is forwarded to jwt.decode
    # via the module global below.
    parser.add_argument('-a', '--algorithm',
                        help='HMAC Algorithm',
                        required=False,
                        default="HS256",
                        choices=["HS256", "HS384", "HS512"])
    # Despite the name, this is the number of worker *processes*.
    parser.add_argument('-t', '--threads',
                        help='Number of threads',
                        type=int,
                        required=False,
                        default=multiprocessing.cpu_count())
    args = parser.parse_args()
    # Module globals read by try_secrets inside the workers.  They are assigned
    # before the pool is created; NOTE(review): workers only inherit them when
    # the pool forks the parent -- confirm on platforms that spawn processes.
    algorithm = args.algorithm
    encoded = args.encoded_jwt
    with concurrent.futures.ProcessPoolExecutor(max_workers=args.threads) as executor, \
            open(args.wordlist, 'r') as wordlist:
        # Whole file read at once, one stripped line per candidate.  Rebinding
        # the name to the list does not change which object the with-block
        # closes on exit.
        wordlist = list(map(str.strip, wordlist.readlines()))
        # Chunk size is ceil(len / threads), so at most args.threads chunks are
        # submitted.  An empty wordlist gives a chunk size of 0, which the
        # range() call inside partition rejects with ValueError.
        for result in executor.map(try_secrets,
                                   partition(wordlist, int(math.ceil(len(wordlist) / float(args.threads))))):
            if result:
                # First hit wins (Python 2 print statement).  Breaking out stops
                # consuming results; chunks already submitted still run, and the
                # executor's exit waits for them.
                print colored('Success! [' + result + ']', 'green')
                break