jwtear 0.2.0 → 1.0.0.pre

metadata

@@ -1,17 +1,99 @@
 --- !ruby/object:Gem::Specification
 name: jwtear
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 1.0.0.pre
 platform: ruby
 authors:
 - KING SABRI
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-27 00:00:00.000000000 Z
-dependencies: []
-description: JWTear, command-line tool and library to parse, create and manipulate
-  JWT tokens for security testing purposes.
+date: 2019-10-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.19'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.19.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.19'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.19.0
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.10.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.10.2
+- !ruby/object:Gem::Dependency
+  name: jwe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+- !ruby/object:Gem::Dependency
+  name: tty-markdown
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+- !ruby/object:Gem::Dependency
+  name: tty-pager
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.1
+description: JWTear, a modular command-line tool to parse, create and manipulate JWT
+  tokens for security testing purposes.
 email:
 - king.sabri@gmail.com
 executables:
@@ -20,20 +102,27 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- CODE_OF_CONDUCT.md
 - Gemfile
-- LICENSE.txt
+- Gemfile.lock
 - README.md
 - Rakefile
 - bin/jwtear
 - jwtear.gemspec
 - lib/jwtear.rb
-- lib/jwtear/algorithms.rb
 - lib/jwtear/errors.rb
-- lib/jwtear/extensions.rb
-- lib/jwtear/jwt.rb
-- lib/jwtear/utils.rb
+- lib/jwtear/helpers/extensions.rb
+- lib/jwtear/helpers/utils.rb
+- lib/jwtear/jwe.rb
+- lib/jwtear/jws.rb
+- lib/jwtear/token.rb
 - lib/jwtear/version.rb
-- modules/bruteforce.rb
+- plugins/bruteforce.rb
+- plugins/generate.rb
+- plugins/parse.rb
+- plugins/plugin-template.rb
+- plugins/wiki.rb
+- plugins/wiki/README.md
 homepage: https://github.com/KINGSABRI/jwtear
 licenses:
 - MIT
@@ -49,14 +138,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
-summary: JWTear, command-line tool and library to parse, create and manipulate JWT
-  tokens for security testing purposes.
+summary: JWTear, a modular command-line tool to parse, create and manipulate JWT tokens
+  for security testing purposes.
 test_files: []

data/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2018 KING SABRI
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

data/lib/jwtear/algorithms.rb

@@ -1,83 +0,0 @@
-module  JWTear
-
-  # Algorithms module contains all algorithms that are supported for this lib
-  # @Note if you are looking for production library, please use jwt gem
-  #
-  module Algorithms
-
-    # sha generates SHA signature
-    #
-    # @param data [String]
-    #   the data you want to encrypt or make signature for.
-    # @param alg [String]
-    #   the algorithm you want. @example: SHA256, SHA384, SHA512
-    # @param key [String]
-    #
-    # @return [String] SHA signature
-    #
-    def sha(data, alg, key)
-      raise AlgorithmRequiresKeyError if key.nil?
-      digit = /[[:digit:]]+/
-      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'.sub(digit, alg[digit])), key, data)
-    end
-
-    # rsa generates RSA signature
-    #
-    # @param data [String]
-    #   the data you want to encrypt or make signature for.
-    # @param alg [String]
-    #   the algorithm you want. @example: RSA256, RSA384, RSA512
-    # @return [Hash]
-    #   of public_key, private_key and signature
-    #
-    def rsa(data, alg)
-      rsa_private = OpenSSL::PKey::RSA.generate(2048)
-      rsa_public  = @rsa_private.public_key
-      signature   = @rsa_private.sign(OpenSSL::Digest.new(alg.sub('RS', 'sha')), data)
-
-      {public_key: rsa_public, private_key: rsa_private, signature: signature}
-      # FIXME: need to sign using public key
-      # cert   = File.open('pub_cert.pem').read
-      # @public_key = OpenSSL::PKey::RSA.new(cert)
-      # raise 'Not a public certificate' unless public_key.public?
-    end
-
-    # ecdsa generates ESDSA signature
-    #
-    # @param data [String]
-    # @param alg [String]
-    # @return [String] of ESDSA signature
-    #
-    def ecdsa(data, alg)
-      # TODO:
-      #   - fixme
-      #   - support P-256 as SHA256
-      ecdsa_key = OpenSSL::PKey::EC.new('prime256v1')
-      ecdsa_key.generate_key
-      ecdsa_public = OpenSSL::PKey::EC.new(ecdsa_key)
-      ecdsa_public.private_key = nil
-    end
-
-    # Just None encryption
-    #
-    # @return [String]
-    #   empty string if none algorithm, yes it happens in JWT
-    def none
-      ''
-    end
-
-    # List of supported algorithms
-    #
-    # @return [Hash]
-    #
-    def supported_algorithms
-      {
-          None:  [],
-          SHA:   %w{HS256 HS384 HS512},
-          RSA:   %w{RS256 RS384 RS512},
-          ESDSA: %w{ES256 ES384 ES512}
-      }
-    end
-
-  end
-end

data/lib/jwtear/extensions.rb

@@ -1,41 +0,0 @@
-module JWTear
-  module Extensions
-    module Core
-      module String
-        def red; colorize(self, "\e[1m\e[31m"); end
-        def green; colorize(self, "\e[1m\e[32m"); end
-        def dark_green; colorize(self, "\e[32m"); end
-        def yellow; colorize(self, "\e[1m\e[33m"); end
-        def blue; colorize(self, "\e[1m\e[34m"); end
-        def dark_blue; colorize(self, "\e[34m"); end
-        def purple; colorize(self, "\e[35m"); end
-        def dark_purple; colorize(self, "\e[1;35m"); end
-        def cyan; colorize(self, "\e[1;36m"); end
-        def dark_cyan; colorize(self, "\e[36m"); end
-        def pure; colorize(self, "\e[0m\e[28m"); end
-        def underline; colorize(self, "\e[4m"); end
-        def bold; colorize(self, "\e[1m"); end
-        def colorize(text, color_code) "#{color_code}#{text}\e[0m" end
-      end
-
-      # module NilClass
-      #   def puts(type=nil, arg)
-      #     case type
-      #       when nil
-      #         puts arg
-      #       when :error
-      #         puts '[x] '.red + arg
-      #       when :warning
-      #         puts '[!] '.yellow + arg
-      #       when :success
-      #         puts '[x] '.green.bold + arg
-      #       when :status
-      #         puts '[x] '.green + arg
-      #       else
-      #         puts arg
-      #     end
-      #   end
-      # end
-    end
-  end
-end

data/lib/jwtear/jwt.rb

@@ -1,129 +0,0 @@
-require 'jwtear/algorithms'
-require 'jwtear/utils'
-
-module JWTear
-  class JWT
-    include JWTear::Extensions
-    include JWTear::Algorithms
-    include JWTear::Utils
-
-    # @!attribute [rw] token [String] generated or parsed token
-    # @!attribute [rw] header [Hash]
-    # @!attribute [rw] payload [Hash]
-    attr_accessor :token, :header, :payload
-    # @!attribute [rw] alg [String] generated or parsed algorithm
-    # @!attribute [rw] key [String] given encryption key
-    # @!attribute [rw] data [String] given or parsed data
-    attr_accessor :alg, :key, :data
-    # @!attribute [r] json [JSON] given or parsed json
-    # @!attribute [r] hash [Hash] hash result of parsing given or generated json
-    attr_reader :json, :hash
-    # @!attribute [r] signature [String] generated or parsed signature.
-    # @!attribute [r] rsa_private [String] generated private private key
-    # @!attribute [r] rsa_public [String] generated or given public key
-    attr_reader :signature, :rsa_private, :rsa_public
-
-    def initialize(token='')
-      @token = token
-      @key   = nil
-    end
-
-    # parse a given token.
-    #   The main use of it is to parse and initiate header, payload, type, alg, signature values
-    #
-    # @param token String
-    def parse(token=@token)
-      is_token?(token)
-      _token = token.split('.')
-      @header     = JSON.parse(decode(_token[0]))
-      @type, @alg = @header['typ'], @header['alg']
-      @payload    = JSON.parse(decode(_token[1]))
-      @signature  = decode(_token[2]) unless (_token[2].nil? or _token[2].empty?)
-      set_hash_and_json
-    end
-
-    # build the hash and Json format from the parsed or generated token
-    def set_hash_and_json
-      @hash       = {header: @header, payload: @payload, signature: encode(@signature)}
-      @json       = "#{@header.to_json}.#{@payload.to_json}.#{encode(@signature)}"
-    end
-
-    # generate signature
-    #
-    # @param data [String]. 'Base64.encode(header)'.'Base64.encode(payload)'>
-    # @param alg [String] supported algorithms: @see [Algorithms#supported_algorithms]
-    # @param key String
-    #
-    # @return [Self] the generate signature
-    #
-    def generate_sig(data, alg, key)
-      begin
-        case alg
-          when /^HS/
-            @signature = sha(data, alg, key)
-          when /^RS/
-            rsa = rsa(data, alg)
-            @rsa_public  = rsa[:public_key]
-            @rsa_private = rsa[:private_key]
-            @signature   = rsa[:signature]
-          when /^ES/
-            @signature = ecdsa(data, alg)
-          when /none/i
-            @signature = none
-          else
-            raise AlgorithmUnknownError
-        end
-      rescue AlgorithmUnknownError
-        puts "[x] ".red + "algorithm cannot be nil, empty or unsupported, Use: '--alg ALGORITHM' option"
-        puts "[!] ".yellow   + 'Supported Algorithms:'
-        supported_algorithms.each_pair do |alg_key, alg_val|
-          puts alg_key, alg_val.map{|_alg| "  #{_alg}" }
-        end
-        exit!
-      rescue AlgorithmRequiresKeyError
-        puts "[x] ".red + "key cannot be nil or empty, Use: '--key SECRET_KEY' option"
-        exit!
-      rescue Exception => e
-        puts "[x] ".red + "Unknown Exception: generate_sig"
-        puts '[!] '.yellow + 'Please report the issue at: https://github.com/KINGSABRI/jwtear/issues'.underline
-        puts e
-        puts e.backtrace
-      end
-
-      self
-    end
-
-    # generate JWT token
-    #   by default, generate_token uses the given json header to detect the algorithm.
-    #   But it also accept to ignore that and force it to you another algorithm.
-    #
-    # @return [String] the generated token
-    #
-    def generate_token
-      begin
-        @header   = JSON.parse(@header)  unless @header.is_a?(Hash)
-        @payload  = JSON.parse(@payload) unless @payload.is_a?(Hash)
-        @alg      = @header['alg'] if @alg.nil?   # if algorithm not forced, take if from the header
-
-        header_encoded    = encode(@header.to_json)
-        payload_encoded   = encode(@payload.to_json)
-        data              = "#{header_encoded}.#{payload_encoded}"
-        signature_encoded = encode(generate_sig(data, @alg, @key).signature)
-        token     = [header_encoded, payload_encoded, signature_encoded].join('.')
-
-        set_hash_and_json
-        token
-      rescue JSON::ParserError => e
-        puts '[x] '.red + "Invalid JSON: #{e.message}"
-        puts "[!] ".yellow + "Make sure you've single quoted your input: eg. --header #{"'".bold}{\"type\":\"JWT\",\"alg\":\"HS256\"}#{"'".bold}"
-        exit!
-      rescue Exception => e
-        puts "[x] ".red + "Unknown Exception: generate_sig"
-        puts '[!] '.yellow + 'Please report the issue at: https://github.com/KINGSABRI/jwtear/issues'.underline
-        puts e
-        puts e.backtrace
-      end
-    end
-
-  end
-end

data/lib/jwtear/utils.rb

@@ -1,57 +0,0 @@
-module JWTear
-  module Utils
-
-    # Check latest version
-    def latest_version
-      begin
-        current_version = JWTear::VERSION
-        rubygem_api     = JSON.parse open("https://rubygems.org/api/v1/versions/jwtear.json").read
-        remote_version  = rubygem_api.first["number"]
-        latest          = remote_version.eql?(current_version)? true : false
-
-        latest ? current_version : remote_version
-      rescue Exception => e
-        puts "[!] ".yellow  + " Couldn't check the latest version, please check internet connectivity."
-        exit!
-      end
-    end
-
-    # check token format
-    def is_token?(token)
-      begin
-        token_size = token.split('.').size
-        raise InvalidTokenError if token_size < 2
-      rescue InvalidTokenError
-        puts '[!] '.red + "Invalid token: #{token}"
-        exit!
-      end
-    end
-    
-    def encode(data)
-      Base64.urlsafe_encode64(data, padding: false) unless data.nil?
-    end
-
-    def decode(data)
-      Base64.urlsafe_decode64(data)
-    end
-
-    # def encode_header_payload_signature(header, payload, signature)
-    #   [header, payload, signature].map {|part| encode part}.join('.')
-    # end
-
-    # JWTear's logo
-    def self.banner
-      %Q{\n    888888 888       888 88888888888
-      "88b 888   o   888     888
-       888 888  d8b  888     888
-       888 888 d888b 888     888   .d88b.   8888b.  888d888
-       888 888d88888b888     888  d8P  Y8b     "88b 888P"
-       888 88888P Y88888     888  88888888 .d888888 888
-       88P 8888P   Y8888     888  Y8b.     888  888 888
-       888 888P     Y888     888   "Y8888  "Y888888 888
-     .d88P                                       v#{JWTear::VERSION}
-   .d88P"
-  888P"    }
-    end
-  end
-end