npm
Sign UpSign In

multithread-jwt-cracker

1.0.1 • Public • Published

npm npm GitHub stars GitHub license

multithread-jwt-cracker

Simple HS256 JWT token brute force cracker with multi-thread support and minimal dependencies. It also shows a resume command on exit and has a nice progressbar.

It is a fork of single-threaded jwt-cracker package by @lmammino, check out the original repo!

Install

With npm:

npm install --global multithread-jwt-cracker

Usage

From command line:

multithread-jwt-cracker <token> [<alphabet>] [<maxLength>] [<threads>] [<start>]

Where:

  • token: the full HS256 JWT token string to crack
  • alphabet: the alphabet to use for the brute force, type 'default' to omit
    (default: "etaoinsrhldcumfpgwybv0123456789kxjqz _-.ETAOINSRHLDCUMFPGWYBVKXJQZ")
  • maxLength: the max length of the string generated during the brute force (default: 12)
  • threads: the number of threads to use (default: 1, max: your-cpu-max-threads)
  • start: the index from where to resume the search

Requirements

This script requires Node.js version 6.0.0 or higher

Example

Cracking the default jwt.io example:

multithread-jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" "abcdefghijklmnopqrstuwxyz" 6 12

It starts cracking with 12 threads and only lower-case letters as alphabet. It takes about 240s to crack on i9-9900K:

   Cracking process started. (pid: XXXX)
   Token:    <eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ>
   Alphabet: <abcdefghijklmnopqrstuwxyz>
   maxLen:   <6>
   threads:  <12>
 
[=================   ] length 6/6 | cursor 187,210,000 | 754,879 secrets/sec | elapsed 248s Success!
Secret found! Secret: secret
Time taken (sec): 248
 

Pretty cool, huh?

Contributing

Everyone is very welcome to contribute to this project. You can contribute just by submitting bugs or suggesting improvements by opening an issue on GitHub.

Future plans

  • HTTP server to preview the cracking progress
  • Min-length argument
  • Looking for a way to optimize this package even more!

License

Licensed under MIT License.

Readme

Keywords

none

Package Sidebar

Install

npm i multithread-jwt-cracker

Repository

github.com/vaverix/multithread-jwt-cracker

Homepage

github.com/vaverix/multithread-jwt-cracker#readme

Weekly Downloads

1

Version

1.0.1

License

MIT

Unpacked Size

11.7 kB

Total Files

5

Last publish

Collaborators

  • vaverix
Try on RunKit
Report malware