The JWT hammer

José González Krause 79ca71e39a Fixed an error where the bruteforce failed silently on RS* signatures and added the flag for the ALG confusion attack 5 months ago
mjolnir.go 79ca71e39a Fixed an error where the bruteforce failed silently on RS* signatures and added the flag for the ALG confusion attack 5 months ago

mjölnir

The JWT hammer

Usage

Dictionary attack against HMAC signature

mjolnir -jwt $JWToken -dic myDict.txt

For example, use the rockyou dictionary against this JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.ABn9EFDMlzoAMvhxq0XPsYzR3h5ro9t4k-ulGCG7J1c

Signature exclusion attack

mjolnir -jwt $JWToken -exclude
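
On the receiving side, the two checks above correspond to a weak HMAC key and a verifier that accepts a token with no signature. The following Go verifier is an added example, not part of mjölnir; the function names and the sample key are assumptions. It pins the algorithm to HS256, rejects an empty signature, and refuses keys shorter than the 32 bytes RFC 7518 requires for HS256.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding

// mac returns HMAC-SHA256(key, msg).
func mac(msg string, key []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// SignHS256 builds a token from a JSON payload; used here only to construct sample input.
func SignHS256(payload string, key []byte) string {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(payload))
	return msg + "." + b64.EncodeToString(mac(msg, key))
}

// VerifyHS256 returns nil only when the header declares HS256 and the
// signature matches under a key of acceptable length.
func VerifyHS256(token string, key []byte) error {
	if len(key) < sha256.Size { // RFC 7518 section 3.2: key at least as long as the hash output
		return errors.New("key shorter than 32 bytes")
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[2] == "" { // a stripped signature is never acceptable
		return errors.New("token must have three non-empty parts")
	}
	var hdr struct{ Alg string `json:"alg"` }
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "HS256" {
		return errors.New("header does not declare HS256") // rejects "none", RS256, ...
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac(parts[0]+"."+parts[1], key)) { // constant-time compare
		return errors.New("signature mismatch")
	}
	return nil
}

func main() {
	key := []byte("constructed-sample-key-0123456789abcdef") // constructed sample; use random bytes in practice
	println(VerifyHS256(SignHS256(`{"sub":"1234567890"}`, key), key) == nil)
}
```

The length check only rules out short keys; a key should still come from a cryptographic random source rather than a passphrase.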