The JWT hammer

José González Krause 0e8b7eedde Added support for hs256, hs484, hs512 2 months ago
.gitignore b252fbd93b Initial commit 2 months ago
LICENSE b252fbd93b Initial commit 2 months ago
README.md bad375a9db Updated readme 2 months ago
mjolnir.go 0e8b7eedde Added support for hs256, hs484, hs512 2 months ago

README.md

mjölnir

The JWT hammer

Usage

Dictionary attack against HMAC signature

mjolnir -jwt $JWToken -dic myDict.txt

For example, use the rockyou dictionary against this JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.ABn9EFDMlzoAMvhxq0XPsYzR3h5ro9t4k-ulGCG7J1c

Signature exclusion attack

mjolnir -jwt $JWToken -exclude
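
The verifier-side counterpart to the two checks above, as an added Go example (not part of mjolnir or the original README): a dictionary attack only succeeds against a guessable HMAC key, and signature exclusion only succeeds when the verifier lets the token choose its algorithm or accepts an empty signature. The names `signHS256` and `VerifyHS256` and the demo key are hypothetical and constructed for illustration; the 32-byte minimum follows RFC 7518 section 3.2.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

func signHS256(header, payload string, key []byte) string { // builds constructed sample tokens
	msg := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(mac.Sum(nil))
}

// VerifyHS256 is a hypothetical verifier (not mjolnir code): pinned algorithm, minimum key size.
func VerifyHS256(token string, key []byte) error {
	if len(key) < sha256.Size { // RFC 7518 sec. 3.2: key at least as long as the hash output
		return fmt.Errorf("key is %d bytes, need at least %d", len(key), sha256.Size)
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[2] == "" {
		return fmt.Errorf("need three segments and a non-empty signature")
	}
	var header struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &header) != nil {
		return fmt.Errorf("header is not base64url-encoded JSON")
	}
	if header.Alg != "HS256" { // the verifier picks the algorithm, never the token
		return fmt.Errorf("algorithm %q not allowed", header.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) { // constant-time comparison
		return fmt.Errorf("signature mismatch")
	}
	return nil
}

func main() {
	key := []byte(strings.Repeat("k", 32)) // constructed demo key; use CSPRNG output in practice
	fmt.Println(VerifyHS256(signHS256(`{"alg":"HS256"}`, `{"sub":"demo"}`, key), key))
}
```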