jwtcat
JWT
) cracker and - to some extent - scanner
A CPU-based JSON Web Token (jwtcat
is a Python script
designed to detect and exploit well-known cryptographic flaws present in JSON Web Token (JWT
).
These vulnerabilities, if successfully exploited by an adversary could allow authentication bypass, information disclosure and could ultimately lead to the compromise of an entire information system.
More information about JWT
vulnerabilities can be found at:
Features
- Test against the following vulnerabilitie(s):
- CVE-2018-1000531:
JWT
signature bypass due to the use ofNone
hashing algorithm (alg=none
)
- CVE-2018-1000531:
- Guessing attacks against
JWT
private keys signed with theHS256
hashing algorithm:- Brute-force attacks
- Wordlist attacks
Requirements
jwtcat
is fully written in Python 3
and requires a minimum of Python 3.6
in addition to the following libraries:
Installation
-
Clone the repository:
git clone https://github.com/AresS31/jwtcat cd jwtcat
-
(Optional but recommended) Create and activate a new
Python
virtual environment:-
Create the virtual environment:
python -m venv env
-
Activate the newly created environment:
-
On
POSIX
:source ./env/bin/activate
-
On
Windows
:./env/Scripts/Activate.ps1
-
-
-
Install dependencies:
python -m pip install -r requirements.txt
Usage
-
To list the available options:
python jwtcat.py -h
-
To list available options specific to brute force attacks:
python jwtcat.py brute-force -h
-
To list available options specific to wordlist attacks:
python jwtcat.py wordlist -h
-
To test a
JWT
against CVE-2018-1000531 andHS256
brute-force attacks:python jwtcat.py vulnerable -h
Roadmap
- Implement additional attack vectors.
- Implement support for multithreading or multiprocessing.
- Implement support for the
-tF, --token-file
swicth. - Improve the code logic for:
-
TQDM
integration with thelogger
.
-
- Improve the script performances.
Changelog
v1.1 - May 2020:
- Added checks to see if
JWT
is signed withHS256
. - Added checks to see if
JWT
is vulnerable to CVE-2018-1000531. - Added
potfile
options. - Added support for brute-force attacks.
- Code refactoring.
- Improved the standard output formatting.
- Switched from
python-colorlog
tocoloredlogs
.
Sponsor π
If you want to support this project and appreciate the time invested in developping, maintening and extending it; consider donating toward my next cup of coffee. β
It is easy, all you got to do is press the Sponsor
button at the top of this page or alternatively click this link. πΈ
Reporting Issues
Found a bug? I would love to squash it! π
Please report all issues on the GitHub issues tracker.
Contributing
You would like to contribute to better this project? π€©
Please submit all PRs
on the GitHub pull requests tracker.
License
See LICENSE.