Namely, Pickled Meatballs

    jwt-secret

    1.1.1 • Public • Published

    jwt-secret Build Status

    Bruteforce a JWT against a list of passwords

    Your JWT is only as secure as the secret used to sign it. Test a JWT against any arbitrary list of secrets.

    Install

    Ensure you have Node.js version 4+ installed. Then run the following:

    $ npm install --global jwt-secret
    

    Usage

    $ jwt-secret --help
    
      Usage
        $ jwt-secret <token>
    
        --file   Read secrets from file path
        --stdin  Read secrets from stdin
    
      Examples
        $ jwt-secret --file ./passwords.txt eyJhbGciOiJIUzI1...
        $ curl -sL https://git.io/vP5n1 | jwt-secret --stdin eyJhbGciOiJIUzI1...
    

    Secrets

    Secrets must be newline separated. Try using a list from SecLists.

    Example:

    123456
    password
    12345678
    qwerty
    123456789
    12345
    1234
    111111
    1234567
    dragon
    

    License

    MIT © Tim Hudson

    Install

    npm i jwt-secret

    DownloadsWeekly Downloads

    7

    Version

    1.1.1

    License

    MIT

    Last publish

    Collaborators

    • timhudson