jwtear 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +21 -19
  3. data/bin/jwtear +2 -1
  4. data/lib/jwtear/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4bd6308c71a62710f83b4fe948bb9548de5cebef
4
- data.tar.gz: 3c04480e04b3469e40a5cede5a09c8db727e9cbe
3
+ metadata.gz: 64f91b4e924b43dd19b0071db21dc93cdbf5b37a
4
+ data.tar.gz: 241b7dd36ea2fcee9bbf1644e08ae5eaf7ac1b03
5
5
  SHA512:
6
- metadata.gz: ca0c937b0abec2482997108633039078c5dc0691b6eedd9fa71a7e2dc68a9a4b61f0b1d3427ac16625b3bd28e20764bfb9b78ef06d48e30c18f8d1319de6556f
7
- data.tar.gz: 1914d144b8c6fc0b84b040b132d9dbda8ffa50789148eaec75f621991be9bd38712459a86bc90dc91a0e727364d96bfe87d70f2e54c7cc73617b813f64cebff7
6
+ metadata.gz: 6592677502c4af5a925159651cbb47aa8e9798c9c38dc6fc580823ba186f125b7628774348620cf2f7442f5fea8e871578c8d79465daa3ab3ff03f1c85d9c055
7
+ data.tar.gz: 0f0f310463e42be3eda35d75f9d70fbac6c6eda2fd93fa735564aad6d04809793f764079669c1a10abfde563063613c4d8e5fa1eadede5d81ea2a73a4c4989b9
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Jwtear
2
- Command-line tool and library to parse, create and manipulate JWT tokens for security testing purposes.
2
+ Command-line tool and library to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes.
3
3
 
4
- During working on exploiting some JWT-based application I needed some tool to make parsing and manipulating JWT token easier.
4
+ During working on exploiting some JWT-based application, I needed some tool to make parsing and manipulating JWT token easier.
5
5
 
6
6
  ## Installation
7
7
 
@@ -14,18 +14,17 @@ install it yourself as:
14
14
  ```
15
15
  $> jwtear -h
16
16
 
17
-
18
17
  888888 888 888 88888888888
19
- "88b 888 o 888 888
20
- 888 888 d8b 888 888
21
- 888 888 d888b 888 888 .d88b. 8888b. 888d888
22
- 888 888d88888b888 888 d8P Y8b "88b 888P"
23
- 888 88888P Y88888 888 88888888 .d888888 888
24
- 88P 8888P Y8888 888 Y8b. 888 888 888
25
- 888 888P Y888 888 "Y8888 "Y888888 888
26
- .d88P v0.1.0
27
- .d88P"
28
- 888P"
18
+ "88b 888 o 888 888
19
+ 888 888 d8b 888 888
20
+ 888 888 d888b 888 888 .d88b. 8888b. 888d888
21
+ 888 888d88888b888 888 d8P Y8b "88b 888P"
22
+ 888 88888P Y88888 888 88888888 .d888888 888
23
+ 88P 8888P Y8888 888 Y8b. 888 888 888
24
+ 888 888P Y888 888 "Y8888 "Y888888 888
25
+ .d88P v0.1.0
26
+ .d88P"
27
+ 888P"
29
28
  JWTear - Parse, create and manipulate JWT tokens.
30
29
 
31
30
  Help menu:
@@ -36,17 +35,20 @@ Help menu:
36
35
  eg. {"typ":"JWT","alg":"HS256"} | Supported algorithms: [HS256, RS512, etc]
37
36
  --payload PAYLOAD JWT payload (JSON format). (required for generate-token and generate-sig)
38
37
  eg. {"login":"admin"}
39
- --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig)
40
- eg. P@ssw0rd
38
+ --alg ALGORITHM Force algorithm type when generating a new token (ignore the one in header). (optional with generate-token)
39
+ Supported algorithms: [HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512]
40
+ --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig. Accept password as a string or a file)
41
+ eg. P@ssw0rd | eg. public_key.pem
41
42
  -h, --help Show this help message
42
43
 
43
44
  Usage:
44
- ruby jwtear.rb <OPTIONS>
45
+ jwtear <OPTIONS>
45
46
 
46
47
  Example:
47
- ruby jwtear.rb --generate-token --header '{"typ":"JWT","alg":"HS256"}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
48
- ruby jwtear.rb --generate-sig --header '{"typ":"JWT","alg":"HS256"}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
49
- ruby jwtear.rb --parse 'eyJwI...6IfJ9.kxrMS...MjAMm.zEybN...TU2Njk3ZmE3OA'
48
+ jwtear --generate-token --header '{"typ":"JWT","alg":" "}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
49
+ jwtear --generate-sig --header '{"typ":"JWT","alg":"HS256"}' --payload '{"login":"admin"}' --key 'P@ssw0rd!'
50
+ jwtear --parse 'eyJwI...6IfJ9.kxrMS...MjAMm.zEybN...TU2Njk3ZmE3OA'
51
+
50
52
  ```
51
53
 
52
54
  ## Contributing
data/bin/jwtear CHANGED
@@ -69,10 +69,11 @@ begin
69
69
  jwt.payload.each {|key, value| puts " #{'-'.bold} #{key}: #{value}"}
70
70
  puts "[+] ".dark_green + "Signature (envelope segment) - encoded:".bold.underline
71
71
  puts "#{Base64.urlsafe_encode64(jwt.signature)}"
72
+
72
73
  when options[:generate_token] && (options[:header] || options[:payload] || options[:key]).nil?
73
74
  puts '[!] '.red + "Missing mandatory switch(es) '--header/--payload/--alg/--key'"
74
75
 
75
- when options[:generate_gen] && (options[:header] || options[:payload] || options[:key]).nil?
76
+ when options[:generate_sig] && (options[:header] || options[:payload] || options[:key]).nil?
76
77
  puts '[!] '.red + "Missing mandatory switch(es) '--header/--payload/--key'"
77
78
 
78
79
  when options[:generate_token]
data/lib/jwtear/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module JWTear
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwtear
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - KING SABRI
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-01-10 00:00:00.000000000 Z
11
+ date: 2018-01-11 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: JWTear, command-line tool and library to parse, create and manipulate
14
14
  JWT tokens for security testing purposes.