xiufengyue/jwtscan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7 Commits 1 Branch 0 Tags
b329019814dc5aa5abbc23aebc1f9a21cda61d4a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
xiufengyue b329019814 Update README.md
2022-02-09 20:24:13 +08:00
src/main/java/com/su
update
2022-02-09 20:01:42 +08:00
pom.xml
update
2022-02-09 20:01:42 +08:00
README.md
Update README.md
2022-02-09 20:24:13 +08:00
result.png
Add files via upload
2022-02-09 20:21:17 +08:00

README.md

-r 要扫描的完整http请求包路径 指定-r 会发送请求校验安全问题 例:

GET /user/userinfo HTTP/1.1
Host: 127.0.0.1:8081
Cookie: token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbklkIjoxMDAwMSwicm4iOiJBUEg2OEpSTXdURWFIN29TZEc2eURwa1c3SXA4bkY5TiJ9.u3xuzKmqKBgcPbTHBk3RitWc25sXfmJCP4ekeZQPKo0

-j 完整的jwt信息
-d 指定jwt秘钥爆破字典 如不指定不会执行爆破
-t 扫描线程数 不指定未默认30

提供两种扫描方式

java -jar JWTSCAN.jar -r 要扫描的完整http请求包路径 -d 指定要爆破的字典

java -jar JWTSCAN.jar -j 完整的jwt信息 -d 指定要爆破的字典

例:
java -jar JWTSCAN.jar -j eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbklkIjoxMDAwMSwicm4iOiJBUEg2OEpSTXdURWFIN29TZEc2eURwa1c3SXA4bkY5TiJ9.u3xuzKmqKBgcPbTHBk3RitWc25sXfmJCP4ekeZQPKo0 -d Key_dictionary.txt

java -jar JWTSCAN.jar Original_request.txt -d Key_dictionary.txt

Description
No description provided
Readme 309 KiB
Languages
Java 100%