A JWT brute-force cracker written in Go. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens.
go build./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyLCJuYW1lIjoiand0Y3JhY2sifQ.2R40frvzOUV4gO3fgLamhB1tRVUD3IX8FqTiWqp0Iho abcedrstdocker build . -t jwtcrackdocker run -it --rm jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyLCJuYW1lIjoiand0Y3JhY2sifQ.2R40frvzOUV4gO3fgLamhB1tRVUD3IX8FqTiWqp0Iho abcedrst./jwtcrack <token> [alphabet] [maxlen] [algorithm]- Default alphabet:
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 - Default maxlen:
6 - Default algorithm:
HS256
./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyLCJuYW1lIjoiand0Y3JhY2sifQ.QXaZSGwc4eyj3SW_IkIVKsruB1H7WlOr3XMtw_LeODY abcde12345 6 HS256./jwtcrack eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyLCJuYW1lIjoiand0Y3JhY2sifQ.kh07R5GxeApHgXnfm_3CpRo8Ky1ZD66zCb-lk-9-AQb549c50PU1c8BBSxkDewlm abcde12345 6 HS384./jwtcrack eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyLCJuYW1lIjoiand0Y3JhY2sifQ.6J3aomWAWAA-K2goUqsgi9VJJ4O6tuG-xe-_nmWr1UMzj79B9sBQumpPtWYQ4geYx5wckFLnd_9rXpdyFv-sRw abcde12345 6 HS512This project is under the MIT license. See the LICENSE file for details.