A multi-threaded C-based tool that brute forces JWT secret keys to enable forging of valid tokens.
JWT brute force cracker written in C
This tool is primarily used by security professionals and penetration testers to assess the strength of JWT secret keys by attempting brute-force attacks. It helps identify weak or guessable secrets in JWT-based authentication systems, enabling organizations to improve their token security.
This tool requires significant computational power and time for longer or complex secret keys due to brute force nature. It is intended strictly for testing and security assessment purposes; unauthorized use may lead to legal consequences. OpenSSL must be installed and properly linked during compilation. Users should carefully specify the correct hash function and character set to optimize cracking attempts.
Ensure OpenSSL headers are installed (e.g., on Ubuntu: apt-get install libssl-dev)
Clone the repository (implied, not explicitly stated)
Build the project using 'make'
On Mac, install OpenSSL via Homebrew: brew install openssl
Compile on Mac using: make OPENSSL=/usr/local/opt/openssl/include OPENSSL_LIB=-L/usr/local/opt/openssl/lib
Alternatively, build a Docker image with: docker build . -t jwtcrackdocker run -it --rm jwtcrack <jwt_token>
Run the JWT cracker inside a Docker container against the provided JWT token.
./jwtcrack <jwt_token>
Run the JWT cracker locally on the provided JWT token.
./jwtcrack <jwt_token> ABCSNFabcsnf1234 5 sha256
Brute force the JWT secret with a maximum length of 5 characters using the specified alphabet and HS256 hash function.
./jwtcrack <jwt_token> adimnps 9 sha512
Brute force the JWT secret with a maximum length of 9 characters using a limited alphabet and HS512 hash function.
./jwtcrack <jwt_token> 0123456789 6 sha384
Brute force the JWT secret with a maximum length of 6 characters using numeric characters and HS384 hash function.