jwt-cracker - Simple HS256 JWT token brute force cracker

  •        1029

Simple HS256 JWT token brute force cracker. Effective only to crack JWT tokens with weak secrets. Recommendation: Use strong long secrets or RS256 tokens.

https://lmammino.github.io/jwt-cracker/
https://github.com/lmammino/jwt-cracker

Dependencies:

variations-stream : ^0.1.3

Related Projects

BozoCrack - A silly & effective MD5 cracker in Ruby

  •    Ruby

BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results. It works way better than it ever should.

BruteX - Automatically brute force all services running on a target.

  •    Shell

This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use. Donations are welcome. This will help facilitate improved features, frequent updates and better overall support for sniper.

express-brute - Brute-force protection middleware for express routes by rate limiting incoming requests

  •    Javascript

A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. An in-memory store for persisting request counts. Don't use this in production; instead, choose one of the more robust store implementations listed below.


md5bfcpf

  •    Perl

MD5 Brute Force Cracker

credential - Easy password hashing and verification in Node

  •    Javascript

Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks. Employs cryptographically secure, per-password salts to prevent rainbow table attacks. Key stretching is used to make brute force attacks impractical. A constant time verification check prevents variable response time attacks.

OphCrack - Windows Password Cracker

  •    C++

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

express-rate-limit - Basic rate-limiting middleware for express

  •    Javascript

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an addon store or trying out one of the excellent competing options.

scrypt - A Ruby gem with native C extension for the scrypt password hashing algorithm.

  •    C

The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt. The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.

express-jwt-permissions - :vertical_traffic_light: Express middleware for JWT permissions

  •    Javascript

Middleware that checks JWT tokens for permissions, recommended to be used in conjunction with express-jwt. This middleware assumes you already have a JWT authentication middleware such as express-jwt.

patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

  •    Python

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python that strives to be more reliable and flexible than its fellow predecessors. The name "Patator" comes from this.

protect - Proactively protect your Node.js web services

  •    Javascript

Works on Node.js v6 and newer. The purpose of this module is to provide out-of-box, proactive protection for common security problems, like SQL injection attacks, XSS attacks, brute force, etc...

jose-jwt - Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for

  •    CSharp

Minimalistic zero-dependency library for generating, decoding and encrypting JSON Web Tokens. Supports full suite of JSON Web Algorithms as of July 4, 2014 version. JSON parsing agnostic, can plug any desired JSON processing library. Extensively tested for compatibility with jose.4.j, Nimbus-JOSE-JWT and json-jwt libraries. v2.1 and above added extra features support for .NET461+ and come with 3 versions of binaries (NET4, NET461 and netstandard1.4).

Hash-Buster - Crack hashes in seconds.

  •    Python

Note: Hash Buster isn't compatible with python2, run it with python3 instead. Also, Hash-Buster uses some APIs for hash lookups, check the source code if you are paranoid. After the installation, you will be able to access it with buster command.

jwt-auth-guard - JWT Auth Guard for Laravel and Lumen Frameworks.

  •    PHP

JWT Auth Guard is a Laravel & Lumen Package that lets you use jwt as your driver for authentication guard in your application. The Guard uses tymon/jwt-auth package for authentication and token handling.

jwt-scala - JWT support for Scala. Bonus extensions for Play, Play JSON, Json4s, Circe and uPickle

  •    Scala

Scala support for JSON Web Token (JWT). Supports Java 1.6+, Scala 2.11.x and Scala 2.12.x. Optional helpers for Play Framework, Play JSON, Json4s Native, Json4s Jackson, Circe and uPickle. JWT Scala is divided in several sub-projects each targeting a specific use-case. Depending on your need, you want to pick the right one.

jose - A comprehensive set of JWT, JWS, and JWE libraries.

  •    Go

JOSE is a comprehensive set of JWT, JWS, and JWE libraries. The only other JWS/JWE/JWT implementations are specific to JWT, and none were particularly pleasant to work with.

jjwt - Java JWT: JSON Web Token for Java and Android

  •    Java

JJWT aims to be the easiest to use and understand library for creating and verifying JSON Web Tokens (JWTs) on the JVM. JJWT is a Java implementation based on the JWT, JWS, JWE, JWK and JWA RFC specifications.