The JWT hammer

José González Krause 79ca71e39a Fixed an error where the bruteforce failed silently on RS* signatures and added the flag for the ALG confusion attack 7 months ago
.gitignore b252fbd93b Initial commit 1 year ago
LICENSE b252fbd93b Initial commit 1 year ago
README.md bad375a9db Updated readme 1 year ago
mjolnir.go 79ca71e39a Fixed an error where the bruteforce failed silently on RS* signatures and added the flag for the ALG confusion attack 7 months ago

README.md

mjölnir

The JWT hammer

Usage

Dictionary attack against HMAC signature

mjolnir -jwt $JWToken -dic myDict.txt

For example, use the rockyou dictionary against this JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.ABn9EFDMlzoAMvhxq0XPsYzR3h5ro9t4k-ulGCG7J1c

Signature exclusion attack

mjolnir -jwt $JWToken -exclude
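
The verifier-side counterpart to the two attacks above, as an added example that is not part of mjolnir or its README: an HS256 check in Go that refuses keys below 32 bytes and never lets the token header choose the algorithm, so a token with its signature excluded is rejected. `VerifyHS256`, `Mint`, `sign` and the demo key are hypothetical names and constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

func sign(in string, key []byte) string { // returns in + "." + base64url(HMAC-SHA256(key, in))
	h := hmac.New(sha256.New, key)
	h.Write([]byte(in))
	return in + "." + b64.EncodeToString(h.Sum(nil))
}

// Mint (hypothetical helper) builds constructed sample tokens for the demo.
func Mint(header, payload string, key []byte) string {
	return sign(b64.EncodeToString([]byte(header))+"."+b64.EncodeToString([]byte(payload)), key)
}

// VerifyHS256 pins the algorithm in the verifier; the token header cannot select it.
func VerifyHS256(token string, key []byte) error {
	if len(key) < sha256.Size { // short, guessable keys are what a dictionary run recovers
		return fmt.Errorf("key shorter than %d bytes", sha256.Size)
	}
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return fmt.Errorf("bad header")
	}
	if hdr.Alg != "HS256" { // rejects "none" and every RS*/ES* value
		return fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	// Constant-time compare against the recomputed token; an empty signature fails here too.
	if !hmac.Equal([]byte(token), []byte(sign(p[0]+"."+p[1], key))) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

func main() {
	key := []byte("constructed-demo-key-0123456789abcdef") // sample value, not a real secret
	fmt.Println(VerifyHS256(Mint(`{"alg":"HS256","typ":"JWT"}`, `{"sub":"demo"}`, key), key))
}
```

The length check is only a floor: the key should come from a cryptographic random source, since a long but predictable passphrase can still appear in a wordlist.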