Decode, explore, and sign JWTs

Overview

JWT Explorer

A utility for inspecting, modifying, and attacking JWTs.

Supports Windows and Linux, and probably also works on macOS, but this has not been tested.

Usage

cargo run --release

Or download the latest release for your platform from the releases page!

Features

  • Decode JWTs and inspect the headers and claims
  • Automatically try some common secrets
  • Generate alg:none attack payloads
  • Easily update iat and exp with various offsets
  • Sign and encode tokens with common algorithms
  • Accept and encode invalid JSON payloads
  • Alter the claims while retaining the original signature
  • Signature types: HMAC-SHA, ECDSA, RSASSA-PKCS1-v1_5

Attacks

alg:none
    "Sign" the JWT with an empty signature and set the algorithm type to "None". Accepted by some implementations which trust the JWT's choice of signature algorithm. Some parsers check for "none" but don't check for e.g. "nOnE". Make sure to try with and without the trailing dot.

Null signature
    Leave the original header intact but don't provide a signature. Make sure to try with and without the trailing dot.

Retain original signature
    Tamper with the claims while leaving the original signature intact.

Guess common secrets
    If the token has been signed with an HMAC then try a few common secrets. This is not a substitute for passing the token to Hashcat, but can get some easy wins.
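
For the receiving side, here is a strict HS256 verifier that rejects each token shape listed above; it is an added Python example, not code from JWT Explorer. The names verify, issue, outcome, demo and TokenRejected are hypothetical, the 32-byte key is a constructed sample, and every token in demo() is constructed. The minimum key length follows RFC 7518 section 3.2 and is what keeps a short, guessable HMAC secret from being used at all.

```python
import base64, hashlib, hmac, json, re

EXPECTED_ALG = "HS256"  # pinned server-side; the token's own "alg" is never trusted
MIN_KEY_BYTES = 32      # RFC 7518 section 3.2: HS256 key must be at least 256 bits
B64URL = re.compile(r"[A-Za-z0-9_-]+")  # non-empty, unpadded base64url


class TokenRejected(Exception):
    """Any token that fails strict verification."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # Rejects the empty signature segment, padding, and impossible lengths.
    if not B64URL.fullmatch(segment) or len(segment) % 4 == 1:
        raise TokenRejected("empty or malformed segment")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue(header: dict, claims: dict, key: bytes) -> str:  # builds constructed samples
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(mac)}"


def verify(token: str, key: bytes) -> dict:
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("HMAC key shorter than the hash output")
    if token.count(".") != 2:  # two segments = signature dropped with no trailing dot
        raise TokenRejected("expected exactly three segments")
    header_b64, claims_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        # Allow-list match: "none", "None" and "nOnE" all fail with no special casing.
        if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
            raise TokenRejected("algorithm not allowed")
        expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):  # constant time
            raise TokenRejected("signature mismatch")
        return json.loads(b64url_decode(claims_b64))  # parsed only after the MAC checks out
    except ValueError as exc:
        raise TokenRejected("segment is not valid JSON") from exc


def outcome(token: str, key: bytes) -> str:
    try:
        verify(token, key)
    except TokenRejected as exc:
        return str(exc)
    return "accepted"


def demo() -> dict:
    key = bytes(range(32))  # constructed 256-bit key, for illustration only
    h, c, s = issue({"alg": EXPECTED_ALG}, {"sub": "alice", "admin": False}, key).split(".")
    forged = b64url_encode(json.dumps({"sub": "alice", "admin": True}).encode())
    unsigned = b64url_encode(json.dumps({"alg": "nOnE"}).encode())
    samples = {"valid": f"{h}.{c}.{s}", "alg_none": f"{unsigned}.{c}.", "null_sig": f"{h}.{c}.",
               "no_trailing_dot": f"{h}.{c}", "retained_sig": f"{h}.{forged}.{s}"}
    return {name: outcome(token, key) for name, token in samples.items()}
```

Calling demo() returns the verdict for each constructed sample; only the untouched token is accepted.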

License

JWT Explorer is available under the terms of either the MIT license or the Apache License (Version 2.0).

Fonts used are distributed under the terms of the Open Font License.

JWT Explorer binaries include a statically linked copy of OpenSSL which is distributed under the terms of the Apache License 2.0.

See LICENSE-APACHE, LICENSE-MIT, and fonts/*/LICENSE for details.

Comments
  • Bump openssl-src from 300.0.7+3.0.3 to 300.0.9+3.0.5

    Bumps openssl-src from 300.0.7+3.0.3 to 300.0.9+3.0.5.

    opened by dependabot[bot] 1
  • Bump crossbeam-utils from 0.8.5 to 0.8.8

    Bumps crossbeam-utils from 0.8.5 to 0.8.8.

    Release notes

    Sourced from crossbeam-utils's releases.

    crossbeam-utils 0.8.8

    • Fix a bug when unstable loom support is enabled. (#787)

    crossbeam-utils 0.8.7

    • Add AtomicCell<{i*,u*}>::{fetch_max,fetch_min}. (#785)
    • Add AtomicCell<{i*,u*,bool}>::fetch_nand. (#785)
    • Fix unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}64 (#781)

    crossbeam-utils 0.8.6

    • Re-add AtomicCell<{i,u}64>::{fetch_add,fetch_sub,fetch_and,fetch_or,fetch_xor} that were accidentally removed in 0.8.0 0.7.1 on targets that do not support Atomic{I,U}64. (#767)
    • Re-add AtomicCell<{i,u}128>::{fetch_add,fetch_sub,fetch_and,fetch_or,fetch_xor} that were accidentally removed in 0.8.0 0.7.1. (#767)
    opened by dependabot[bot] 0
  • Bump openssl-src from 300.0.2+3.0.0 to 300.0.7+3.0.3

    Bumps openssl-src from 300.0.2+3.0.0 to 300.0.7+3.0.3.

    opened by dependabot[bot] 0
  • Bump tokio from 1.19.2 to 1.24.1

    Bumps tokio from 1.19.2 to 1.24.1.

    Release notes

    Sourced from tokio's releases.

    Tokio v1.24.1

    This release fixes a compilation failure on targets without AtomicU64 when using rustc older than 1.63. (#5356)

    Tokio v1.24.0

    The highlight of this release is the reduction of lock contention for all I/O operations (#5300). We have received reports of up to a 20% improvement in CPU utilization and increased throughput for real-world I/O heavy applications.

    Fixed

    • rt: improve native AtomicU64 support detection (#5284)

    Added

    • rt: add configuration option for max number of I/O events polled from the OS per tick (#5186)
    • rt: add an environment variable for configuring the default number of worker threads per runtime instance (#4250)

    Changed

    • sync: reduce MPSC channel stack usage (#5294)
    • io: reduce lock contention in I/O operations (#5300)
    • fs: speed up read_dir() by chunking operations (#5309)
    • rt: use internal ThreadId implementation (#5329)
    • test: don't auto-advance time when a spawn_blocking task is running (#5115)

    Tokio v1.23.1

    This release forward ports changes from 1.18.4.

    Fixed

    • net: fix Windows named pipe server builder to maintain option when toggling pipe mode (#5336).

    Tokio v1.23.0

    Fixed

    • net: fix Windows named pipe connect (#5208)
    • io: support vectored writes for ChildStdin (#5216)
    • io: fix async fn ready() false positive for OS-specific events (#5231)

    ... (truncated)

    Commits
    • 31c7e82 chore: prepare Tokio v1.24.1 (#5357)
    • 8d8db27 tokio: add load and compare_exchange_weak to loom StaticAtomicU64 (#5356)
    • dfe252d chore: prepare Tokio v1.24.0 release (#5353)
    • 21b233f test: bump version of async-stream (#5347)
    • 7299304 Merge branch 'tokio-1.23.x' into master
    • 1a997ff chore: prepare Tokio v1.23.1 release
    • a8fe333 Merge branch 'tokio-1.20.x' into tokio-1.23.x
    • ba81945 chore: prepare Tokio 1.20.3 release
    • 763bdc9 ci: run WASI tasks using latest Rust
    • 9f98535 Merge remote-tracking branch 'origin/tokio-1.18.x' into fix-named-pipes-1.20
    • Additional commits viewable in compare view

    opened by dependabot[bot] 0
Releases(v0.5.0)
Owner
David Young