jwt-bf : Json Web Token (JWT) brute force
jwt brute force cracker via node js. supports dictionary attacks against HS256.
Usage:
jwt-bf <token> <wordlist>
token the full HS256 jwt token to crack
wordlist wordlist dictionary file
Install
npm install --global jwt-bf
Usage
jwt-bf <token> <wordlist>
Example
jwt-bf /path/to/token.txt /path/to/wordlist.txt
Example Result
SECRET FOUND: 1234
Time taken (sec): 0.006
Attempts: 4