jwtear 0.2.0 → 1.0.0.pre

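--- a/metadata
+++ b/metadata
@@ -1,17 +1,99 @@
 --- !ruby/object:Gem::Specification
 name: jwtear
 version: !ruby/object:Gem::Version
-version: 0.2.0
+version: 1.0.0.pre
 platform: ruby
 authors:
 - KING SABRI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-27 00:00:00.000000000 Z
-dependencies: []
-description: JWTear, command-line tool and library to parse, create and manipulate
-JWT tokens for security testing purposes.
+date: 2019-10-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: gli
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.19'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.19.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.19'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.19.0
+- !ruby/object:Gem::Dependency
+name: json-jwt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.10'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.10.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.10'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.10.2
+- !ruby/object:Gem::Dependency
+name: jwe
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.4.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.4.0
+- !ruby/object:Gem::Dependency
+name: tty-markdown
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.6.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.6.0
+- !ruby/object:Gem::Dependency
+name: tty-pager
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.12.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.12.1
+description: JWTear, a modular command-line tool to parse, create and manipulate JWT
+tokens for security testing purposes.
 email:
 - king.sabri@gmail.com
 executables:
@@ -20,20 +102,27 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- CODE_OF_CONDUCT.md
 - Gemfile
-- LICENSE.txt
+- Gemfile.lock
 - README.md
 - Rakefile
 - bin/jwtear
 - jwtear.gemspec
 - lib/jwtear.rb
-- lib/jwtear/algorithms.rb
 - lib/jwtear/errors.rb
-- lib/jwtear/extensions.rb
-- lib/jwtear/jwt.rb
-- lib/jwtear/utils.rb
+- lib/jwtear/helpers/extensions.rb
+- lib/jwtear/helpers/utils.rb
+- lib/jwtear/jwe.rb
+- lib/jwtear/jws.rb
+- lib/jwtear/token.rb
 - lib/jwtear/version.rb
-- modules/bruteforce.rb
+- plugins/bruteforce.rb
+- plugins/generate.rb
+- plugins/parse.rb
+- plugins/plugin-template.rb
+- plugins/wiki.rb
+- plugins/wiki/README.md
 homepage: https://github.com/KINGSABRI/jwtear
 licenses:
 - MIT
@@ -49,14 +138,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - ">"
 - !ruby/object:Gem::Version
-version: '0'
+version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
-summary: JWTear, command-line tool and library to parse, create and manipulate JWT
-tokens for security testing purposes.
+summary: JWTear, a modular command-line tool to parse, create and manipulate JWT tokens
+for security testing purposes.
 test_files: []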
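Review bot: `- LICENSE.txt` is dropped from the `files:` list in the second hunk (and the file itself is deleted further down this diff) while `licenses:` still declares `MIT`, so the 1.0.0.pre package is published claiming a licence whose text it no longer ships; restoring `- LICENSE.txt` under `files:` and keeping the file in the tree is the minimal fix. `- Gemfile.lock` is packaged in its place; a lockfile inside a gem is ignored by consumers and only records the author's own resolution, so it is worth confirming the inclusion is intentional rather than a side effect of how the file list is collected. The new runtime dependencies `json-jwt` and `jwe` appear to take over the JWS/JWE handling that the deleted lib/jwtear/algorithms.rb did by hand, so their `~>` ranges now decide which cryptographic implementation users install and deserve a line in the release notes and ongoing update tracking.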
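--- a/LICENSE.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2018 KING SABRI
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.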
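--- a/lib/jwtear/algorithms.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-module JWTear
-
-# Algorithms module contains all algorithms that are supported for this lib
-# @Note if you are looking for production library, please use jwt gem
-#
-module Algorithms
-
-# sha generates SHA signature
-#
-# @param data [String]
-# the data you want to encrypt or make signature for.
-# @param alg [String]
-# the algorithm you want. @example: SHA256, SHA384, SHA512
-# @param key [String]
-#
-# @return [String] SHA signature
-#
-def sha(data, alg, key)
-raise AlgorithmRequiresKeyError if key.nil?
-digit = /[[:digit:]]+/
-OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'.sub(digit, alg[digit])), key, data)
-end
-
-# rsa generates RSA signature
-#
-# @param data [String]
-# the data you want to encrypt or make signature for.
-# @param alg [String]
-# the algorithm you want. @example: RSA256, RSA384, RSA512
-# @return [Hash]
-# of public_key, private_key and signature
-#
-def rsa(data, alg)
-rsa_private = OpenSSL::PKey::RSA.generate(2048)
-rsa_public = @rsa_private.public_key
-signature = @rsa_private.sign(OpenSSL::Digest.new(alg.sub('RS', 'sha')), data)
-
-{public_key: rsa_public, private_key: rsa_private, signature: signature}
-# FIXME: need to sign using public key
-# cert = File.open('pub_cert.pem').read
-# @public_key = OpenSSL::PKey::RSA.new(cert)
-# raise 'Not a public certificate' unless public_key.public?
-end
-
-# ecdsa generates ESDSA signature
-#
-# @param data [String]
-# @param alg [String]
-# @return [String] of ESDSA signature
-#
-def ecdsa(data, alg)
-# TODO:
-# - fixme
-# - support P-256 as SHA256
-ecdsa_key = OpenSSL::PKey::EC.new('prime256v1')
-ecdsa_key.generate_key
-ecdsa_public = OpenSSL::PKey::EC.new(ecdsa_key)
-ecdsa_public.private_key = nil
-end
-
-# Just None encryption
-#
-# @return [String]
-# empty string if none algorithm, yes it happens in JWT
-def none
-''
-end
-
-# List of supported algorithms
-#
-# @return [Hash]
-#
-def supported_algorithms
-{
-None: [],
-SHA: %w{HS256 HS384 HS512},
-RSA: %w{RS256 RS384 RS512},
-ESDSA: %w{ES256 ES384 ES512}
-}
-end
-
-end
-end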
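--- a/lib/jwtear/extensions.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-module JWTear
-module Extensions
-module Core
-module String
-def red; colorize(self, "\e[1m\e[31m"); end
-def green; colorize(self, "\e[1m\e[32m"); end
-def dark_green; colorize(self, "\e[32m"); end
-def yellow; colorize(self, "\e[1m\e[33m"); end
-def blue; colorize(self, "\e[1m\e[34m"); end
-def dark_blue; colorize(self, "\e[34m"); end
-def purple; colorize(self, "\e[35m"); end
-def dark_purple; colorize(self, "\e[1;35m"); end
-def cyan; colorize(self, "\e[1;36m"); end
-def dark_cyan; colorize(self, "\e[36m"); end
-def pure; colorize(self, "\e[0m\e[28m"); end
-def underline; colorize(self, "\e[4m"); end
-def bold; colorize(self, "\e[1m"); end
-def colorize(text, color_code) "#{color_code}#{text}\e[0m" end
-end
-
-# module NilClass
-# def puts(type=nil, arg)
-# case type
-# when nil
-# puts arg
-# when :error
-# puts '[x] '.red + arg
-# when :warning
-# puts '[!] '.yellow + arg
-# when :success
-# puts '[x] '.green.bold + arg
-# when :status
-# puts '[x] '.green + arg
-# else
-# puts arg
-# end
-# end
-# end
-end
-end
-end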
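--- a/lib/jwtear/jwt.rb
+++ /dev/null
@@ -1,129 +0,0 @@
-require 'jwtear/algorithms'
-require 'jwtear/utils'
-
-module JWTear
-class JWT
-include JWTear::Extensions
-include JWTear::Algorithms
-include JWTear::Utils
-
-# @!attribute [rw] token [String] generated or parsed token
-# @!attribute [rw] header [Hash]
-# @!attribute [rw] payload [Hash]
-attr_accessor :token, :header, :payload
-# @!attribute [rw] alg [String] generated or parsed algorithm
-# @!attribute [rw] key [String] given encryption key
-# @!attribute [rw] data [String] given or parsed data
-attr_accessor :alg, :key, :data
-# @!attribute [r] json [JSON] given or parsed json
-# @!attribute [r] hash [Hash] hash result of parsing given or generated json
-attr_reader :json, :hash
-# @!attribute [r] signature [String] generated or parsed signature.
-# @!attribute [r] rsa_private [String] generated private private key
-# @!attribute [r] rsa_public [String] generated or given public key
-attr_reader :signature, :rsa_private, :rsa_public
-
-def initialize(token='')
-@token = token
-@key = nil
-end
-
-# parse a given token.
-# The main use of it is to parse and initiate header, payload, type, alg, signature values
-#
-# @param token String
-def parse(token=@token)
-is_token?(token)
-_token = token.split('.')
-@header = JSON.parse(decode(_token[0]))
-@type, @alg = @header['typ'], @header['alg']
-@payload = JSON.parse(decode(_token[1]))
-@signature = decode(_token[2]) unless (_token[2].nil? or _token[2].empty?)
-set_hash_and_json
-end
-
-# build the hash and Json format from the parsed or generated token
-def set_hash_and_json
-@hash = {header: @header, payload: @payload, signature: encode(@signature)}
-@json = "#{@header.to_json}.#{@payload.to_json}.#{encode(@signature)}"
-end
-
-# generate signature
-#
-# @param data [String]. 'Base64.encode(header)'.'Base64.encode(payload)'>
-# @param alg [String] supported algorithms: @see [Algorithms#supported_algorithms]
-# @param key String
-#
-# @return [Self] the generate signature
-#
-def generate_sig(data, alg, key)
-begin
-case alg
-when /^HS/
-@signature = sha(data, alg, key)
-when /^RS/
-rsa = rsa(data, alg)
-@rsa_public = rsa[:public_key]
-@rsa_private = rsa[:private_key]
-@signature = rsa[:signature]
-when /^ES/
-@signature = ecdsa(data, alg)
-when /none/i
-@signature = none
-else
-raise AlgorithmUnknownError
-end
-rescue AlgorithmUnknownError
-puts "[x] ".red + "algorithm cannot be nil, empty or unsupported, Use: '--alg ALGORITHM' option"
-puts "[!] ".yellow + 'Supported Algorithms:'
-supported_algorithms.each_pair do |alg_key, alg_val|
-puts alg_key, alg_val.map{|_alg| " #{_alg}" }
-end
-exit!
-rescue AlgorithmRequiresKeyError
-puts "[x] ".red + "key cannot be nil or empty, Use: '--key SECRET_KEY' option"
-exit!
-rescue Exception => e
-puts "[x] ".red + "Unknown Exception: generate_sig"
-puts '[!] '.yellow + 'Please report the issue at: https://github.com/KINGSABRI/jwtear/issues'.underline
-puts e
-puts e.backtrace
-end
-
-self
-end
-
-# generate JWT token
-# by default, generate_token uses the given json header to detect the algorithm.
-# But it also accept to ignore that and force it to you another algorithm.
-#
-# @return [String] the generated token
-#
-def generate_token
-begin
-@header = JSON.parse(@header) unless @header.is_a?(Hash)
-@payload = JSON.parse(@payload) unless @payload.is_a?(Hash)
-@alg = @header['alg'] if @alg.nil? # if algorithm not forced, take if from the header
-
-header_encoded = encode(@header.to_json)
-payload_encoded = encode(@payload.to_json)
-data = "#{header_encoded}.#{payload_encoded}"
-signature_encoded = encode(generate_sig(data, @alg, @key).signature)
-token = [header_encoded, payload_encoded, signature_encoded].join('.')
-
-set_hash_and_json
-token
-rescue JSON::ParserError => e
-puts '[x] '.red + "Invalid JSON: #{e.message}"
-puts "[!] ".yellow + "Make sure you've single quoted your input: eg. --header #{"'".bold}{\"type\":\"JWT\",\"alg\":\"HS256\"}#{"'".bold}"
-exit!
-rescue Exception => e
-puts "[x] ".red + "Unknown Exception: generate_sig"
-puts '[!] '.yellow + 'Please report the issue at: https://github.com/KINGSABRI/jwtear/issues'.underline
-puts e
-puts e.backtrace
-end
-end
-
-end
-end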
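--- a/lib/jwtear/utils.rb
+++ /dev/null
@@ -1,57 +0,0 @@
-module JWTear
-module Utils
-
-# Check latest version
-def latest_version
-begin
-current_version = JWTear::VERSION
-rubygem_api = JSON.parse open("https://rubygems.org/api/v1/versions/jwtear.json").read
-remote_version = rubygem_api.first["number"]
-latest = remote_version.eql?(current_version)? true : false
-
-latest ? current_version : remote_version
-rescue Exception => e
-puts "[!] ".yellow + " Couldn't check the latest version, please check internet connectivity."
-exit!
-end
-end
-
-# check token format
-def is_token?(token)
-begin
-token_size = token.split('.').size
-raise InvalidTokenError if token_size < 2
-rescue InvalidTokenError
-puts '[!] '.red + "Invalid token: #{token}"
-exit!
-end
-end
-
-def encode(data)
-Base64.urlsafe_encode64(data, padding: false) unless data.nil?
-end
-
-def decode(data)
-Base64.urlsafe_decode64(data)
-end
-
-# def encode_header_payload_signature(header, payload, signature)
-# [header, payload, signature].map {|part| encode part}.join('.')
-# end
-
-# JWTear's logo
-def self.banner
-%Q{\n 888888 888 888 88888888888
-"88b 888 o 888 888
-888 888 d8b 888 888
-888 888 d888b 888 888 .d88b. 8888b. 888d888
-888 888d88888b888 888 d8P Y8b "88b 888P"
-888 88888P Y88888 888 88888888 .d888888 888
-88P 8888P Y8888 888 Y8b. 888 888 888
-888 888P Y888 888 "Y8888 "Y888888 888
-.d88P v#{JWTear::VERSION}
-.d88P"
-888P" }
-end
-end
-end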