jwtear 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +21 -19
  3. data/bin/jwtear +2 -1
  4. data/lib/jwtear/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4bd6308c71a62710f83b4fe948bb9548de5cebef
4
- data.tar.gz: 3c04480e04b3469e40a5cede5a09c8db727e9cbe
3
+ metadata.gz: 64f91b4e924b43dd19b0071db21dc93cdbf5b37a
4
+ data.tar.gz: 241b7dd36ea2fcee9bbf1644e08ae5eaf7ac1b03
5
5
  SHA512:
6
- metadata.gz: ca0c937b0abec2482997108633039078c5dc0691b6eedd9fa71a7e2dc68a9a4b61f0b1d3427ac16625b3bd28e20764bfb9b78ef06d48e30c18f8d1319de6556f
7
- data.tar.gz: 1914d144b8c6fc0b84b040b132d9dbda8ffa50789148eaec75f621991be9bd38712459a86bc90dc91a0e727364d96bfe87d70f2e54c7cc73617b813f64cebff7
6
+ metadata.gz: 6592677502c4af5a925159651cbb47aa8e9798c9c38dc6fc580823ba186f125b7628774348620cf2f7442f5fea8e871578c8d79465daa3ab3ff03f1c85d9c055
7
+ data.tar.gz: 0f0f310463e42be3eda35d75f9d70fbac6c6eda2fd93fa735564aad6d04809793f764079669c1a10abfde563063613c4d8e5fa1eadede5d81ea2a73a4c4989b9
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Jwtear
2
- Command-line tool and library to parse, create and manipulate JWT tokens for security testing purposes.
2
+ Command-line tool and library to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes.
3
3
 
4
- During working on exploiting some JWT-based application I needed some tool to make parsing and manipulating JWT token easier.
4
+ During working on exploiting some JWT-based application, I needed some tool to make parsing and manipulating JWT token easier.
5
5
 
6
6
  ## Installation
7
7
 
@@ -14,18 +14,17 @@ install it yourself as:
14
14
  ```
15
15
  $> jwtear -h
16
16
 
17
-
18
17
  888888 888 888 88888888888
19
- "88b 888 o 888 888
20
- 888 888 d8b 888 888
21
- 888 888 d888b 888 888 .d88b. 8888b. 888d888
22
- 888 888d88888b888 888 d8P Y8b "88b 888P"
23
- 888 88888P Y88888 888 88888888 .d888888 888
24
- 88P 8888P Y8888 888 Y8b. 888 888 888
25
- 888 888P Y888 888 "Y8888 "Y888888 888
26
- .d88P v0.1.0
27
- .d88P"
28
- 888P"
18
+ "88b 888 o 888 888
19
+ 888 888 d8b 888 888
20
+ 888 888 d888b 888 888 .d88b. 8888b. 888d888
21
+ 888 888d88888b888 888 d8P Y8b "88b 888P"
22
+ 888 88888P Y88888 888 88888888 .d888888 888
23
+ 88P 8888P Y8888 888 Y8b. 888 888 888
24
+ 888 888P Y888 888 "Y8888 "Y888888 888
25
+ .d88P v0.1.0
26
+ .d88P"
27
+ 888P"
29
28
  JWTear - Parse, create and manipulate JWT tokens.
30
29
 
31
30
  Help menu:
@@ -36,17 +35,20 @@ Help menu:
36
35
  eg. {"typ":"JWT","alg":"HS256"} | Supported algorithms: [HS256, RS512, etc]
37
36
  --payload PAYLOAD JWT payload (JSON format). (required for generate-token and generate-sig)
38
37
  eg. {"login":"admin"}
39
- --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig)
40
- eg. P@ssw0rd
38
+ --alg ALGORITHM Force algorithm type when generating a new token (ignore the one in header). (optional with generate-token)
39
+ Supported algorithms: [HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512]
40
+ --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig. Accept password as a string or a file)
41
+ eg. P@ssw0rd | eg. public_key.pem
41
42
  -h, --help Show this help message
42
43
 
43
44
  Usage:
44
- ruby jwtear.rb <OPTIONS>
45
+ jwtear <OPTIONS>
45
46
 
46
47
  Example:
47
- ruby jwtear.rb --generate-token --header '{"typ":"JWT","alg":"HS256"}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
48
- ruby jwtear.rb --generate-sig --header '{"typ":"JWT","alg":"HS256"}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
49
- ruby jwtear.rb --parse 'eyJwI...6IfJ9.kxrMS...MjAMm.zEybN...TU2Njk3ZmE3OA'
48
+ jwtear --generate-token --header '{"typ":"JWT","alg":" "}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
49
+ jwtear --generate-sig --header '{"typ":"JWT","alg":"HS256"}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
50
+ jwtear --parse 'eyJwI...6IfJ9.kxrMS...MjAMm.zEybN...TU2Njk3ZmE3OA'
51
+
50
52
  ```
51
53
 
52
54
  ## Contributing
data/bin/jwtear CHANGED
@@ -69,10 +69,11 @@ begin
69
69
  jwt.payload.each {|key, value| puts " #{'-'.bold} #{key}: #{value}"}
70
70
  puts "[+] ".dark_green + "Signature (envelope segment) - encoded:".bold.underline
71
71
  puts "#{Base64.urlsafe_encode64(jwt.signature)}"
72
+
72
73
  when options[:generate_token] && (options[:header] || options[:payload] || options[:key]).nil?
73
74
  puts '[!] '.red + "Missing mandatory switch(es) '--header/--payload/--alg/--key'"
74
75
 
75
- when options[:generate_gen] && (options[:header] || options[:payload] || options[:key]).nil?
76
+ when options[:generate_sig] && (options[:header] || options[:payload] || options[:key]).nil?
76
77
  puts '[!] '.red + "Missing mandatory switch(es) '--header/--payload/--key'"
77
78
 
78
79
  when options[:generate_token]
data/lib/jwtear/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module JWTear
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwtear
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - KING SABRI
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-01-10 00:00:00.000000000 Z
11
+ date: 2018-01-11 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: JWTear, command-line tool and library to parse, create and manipulate
14
14
  JWT tokens for security testing purposes.