jwtear 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +21 -19
- data/bin/jwtear +2 -1
- data/lib/jwtear/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 64f91b4e924b43dd19b0071db21dc93cdbf5b37a
|
4
|
+
data.tar.gz: 241b7dd36ea2fcee9bbf1644e08ae5eaf7ac1b03
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6592677502c4af5a925159651cbb47aa8e9798c9c38dc6fc580823ba186f125b7628774348620cf2f7442f5fea8e871578c8d79465daa3ab3ff03f1c85d9c055
|
7
|
+
data.tar.gz: 0f0f310463e42be3eda35d75f9d70fbac6c6eda2fd93fa735564aad6d04809793f764079669c1a10abfde563063613c4d8e5fa1eadede5d81ea2a73a4c4989b9
|
data/README.md
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
# Jwtear
|
2
|
-
Command-line tool and library to parse, create and manipulate JWT tokens for security testing purposes.
|
2
|
+
Command-line tool and library to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes.
|
3
3
|
|
4
|
-
During working on exploiting some JWT-based application I needed some tool to make parsing and manipulating JWT token easier.
|
4
|
+
During working on exploiting some JWT-based application, I needed some tool to make parsing and manipulating JWT token easier.
|
5
5
|
|
6
6
|
## Installation
|
7
7
|
|
@@ -14,18 +14,17 @@ install it yourself as:
|
|
14
14
|
```
|
15
15
|
$> jwtear -h
|
16
16
|
|
17
|
-
|
18
17
|
888888 888 888 88888888888
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
888P"
|
18
|
+
"88b 888 o 888 888
|
19
|
+
888 888 d8b 888 888
|
20
|
+
888 888 d888b 888 888 .d88b. 8888b. 888d888
|
21
|
+
888 888d88888b888 888 d8P Y8b "88b 888P"
|
22
|
+
888 88888P Y88888 888 88888888 .d888888 888
|
23
|
+
88P 8888P Y8888 888 Y8b. 888 888 888
|
24
|
+
888 888P Y888 888 "Y8888 "Y888888 888
|
25
|
+
.d88P v0.1.0
|
26
|
+
.d88P"
|
27
|
+
888P"
|
29
28
|
JWTear - Parse, create and manipulate JWT tokens.
|
30
29
|
|
31
30
|
Help menu:
|
@@ -36,17 +35,20 @@ Help menu:
|
|
36
35
|
eg. {"typ":"JWT","alg":"HS256"} | Supported algorithms: [HS256, RS512, etc]
|
37
36
|
--payload PAYLOAD JWT payload (JSON format). (required for generate-token and generate-sig)
|
38
37
|
eg. {"login":"admin"}
|
39
|
-
--
|
40
|
-
|
38
|
+
--alg ALGORITHM Force algorithm type when generating a new token (ignore the one in header). (optional with generate-token)
|
39
|
+
Supported algorithms: [HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512]
|
40
|
+
--key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig. Accept password as a string or a file)
|
41
|
+
eg. P@ssw0rd | eg. public_key.pem
|
41
42
|
-h, --help Show this help message
|
42
43
|
|
43
44
|
Usage:
|
44
|
-
|
45
|
+
jwtear <OPTIONS>
|
45
46
|
|
46
47
|
Example:
|
47
|
-
|
48
|
-
|
49
|
-
|
48
|
+
jwtear --generate-token --header '{"typ":"JWT","alg":" "}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
|
49
|
+
jwtear --generate-sig --header '{"typ":"JWT","alg":"HS256"}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
|
50
|
+
jwtear --parse 'eyJwI...6IfJ9.kxrMS...MjAMm.zEybN...TU2Njk3ZmE3OA'
|
51
|
+
|
50
52
|
```
|
51
53
|
|
52
54
|
## Contributing
|
data/bin/jwtear
CHANGED
@@ -69,10 +69,11 @@ begin
|
|
69
69
|
jwt.payload.each {|key, value| puts " #{'-'.bold} #{key}: #{value}"}
|
70
70
|
puts "[+] ".dark_green + "Signature (envelope segment) - encoded:".bold.underline
|
71
71
|
puts "#{Base64.urlsafe_encode64(jwt.signature)}"
|
72
|
+
|
72
73
|
when options[:generate_token] && (options[:header] || options[:payload] || options[:key]).nil?
|
73
74
|
puts '[!] '.red + "Missing mandatory switch(es) '--header/--payload/--alg/--key'"
|
74
75
|
|
75
|
-
when options[:
|
76
|
+
when options[:generate_sig] && (options[:header] || options[:payload] || options[:key]).nil?
|
76
77
|
puts '[!] '.red + "Missing mandatory switch(es) '--header/--payload/--key'"
|
77
78
|
|
78
79
|
when options[:generate_token]
|
data/lib/jwtear/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jwtear
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- KING SABRI
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-01-
|
11
|
+
date: 2018-01-11 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: JWTear, command-line tool and library to parse, create and manipulate
|
14
14
|
JWT tokens for security testing purposes.
|