distributed-jwt-cracker

An experimental distributed JWT token cracker built using Node.js and ZeroMQ. It can be used to discover the password (or "secret") of an unencrypted JWT token that uses an HS256 signature.

Install

Through NPM:

npm i -g distributed-jwt-cracker

Requires the ZeroMQ libraries to be already installed on your machine.

Usage

Server

To start a new server:

jwt-cracker-server <jwtToken> [options]

The following options are available:

option           description                                                 type    default
-p, --port       The port used to accept incoming connections                number  9900
-P, --pubPort    The port used to publish signals to all the workers         number  9901
-a, --alphabet   The alphabet used to generate the passwords                 string  "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789"
-b, --batchSize  The number of attempts assigned to every client in a batch  number  1000000
-s, --start      The index from where to start the search                    number  0

Example, using the example JWT.io token over a simple alphabet:

jwt-cracker-server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ -a=abcdefghijklmnopqrstuwxyz
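
For anyone issuing HS256 tokens, the options above translate directly into how much work a secret costs to reach. The sketch below is an added example, not code from this project: it verifies an HS256 signature against a secret you control and counts how many batches of the default size cover every string up to that secret's length. The function names are hypothetical, and it assumes candidates are enumerated shortest first, which the page does not state.

```javascript
const crypto = require('node:crypto');

// Default values copied from the server options table on this page.
const DEFAULT_ALPHABET =
  'abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789';
const DEFAULT_BATCH_SIZE = 1000000n;

// Recompute the HS256 signature over "header.payload" and compare it with
// the token's signature in constant time.
function hs256Matches(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('token is not signed with HS256');
  const expected = crypto
    .createHmac('sha256', secret)
    .update(`${parts[0]}.${parts[1]}`)
    .digest();
  const given = Buffer.from(parts[2], 'base64url');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Count the strings of length 1..maxLen over an alphabet of alphabetSize symbols.
function keyspace(alphabetSize, maxLen) {
  let total = 0n;
  let power = 1n;
  for (let len = 1; len <= maxLen; len++) {
    power *= BigInt(alphabetSize);
    total += power;
  }
  return total;
}

// Assumption (not stated on the page): candidates are tried shortest first, so
// every string up to the secret's length bounds the work needed to reach it.
function auditSecret(secret, alphabet = DEFAULT_ALPHABET, batchSize = DEFAULT_BATCH_SIZE) {
  const symbols = new Set(alphabet);
  if (![...secret].every((ch) => symbols.has(ch))) {
    return { reachable: false, candidates: null, batches: null };
  }
  const candidates = keyspace(symbols.size, secret.length);
  const batches = (candidates + batchSize - 1n) / batchSize; // ceiling division
  return { reachable: true, candidates, batches };
}
```

A six-character lowercase secret over the 25-letter alphabet of the example command falls within 254313150 candidates, which is 255 batches at the default batch size. A result of reachable: false only means the secret uses a character outside the given alphabet, which a different -a value changes.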

Client

To start a new client:

jwt-cracker-client [options]

The following options are available:

option         description                                                   type    default
-h, --host     The hostname of the server                                    string  "localhost"
-p, --port     The port used to connect to the batch server                  number  9900
-P, --pubPort  The port used to subscribe to broadcast signals (e.g. exit)   number  9901

Example:

jwt-cracker-client --host=localhost --port=9900 --pubPort=9901

The making of

This project has been thoroughly discussed in two articles published on the RisingStack community blog:

ZeroMQ & Node.js Tutorial - Cracking JWT Tokens

Contributing

Everyone is very welcome to contribute to this project. You can contribute just by submitting bugs or suggesting improvements by opening an issue on GitHub.

License

Licensed under MIT License. © Luciano Mammino.

distributed-jwt-cracker's Issues

Server web interface

Allow the server to expose a web interface that displays in real time the connected clients and the current state of the distributed computation.

Multi level architecture

Allow having a multi-level architecture where a server can receive connections from other servers.

We can then define a master server and a second-level server.

When a second-level server connects to a master server, it requests a high number of batches that it can then distribute to the clients that connect to it.

With this approach it is possible to create large networks able to distribute the work to a large number of clients.

Ability to monitor clients and reassign their ongoing batches in case of failure

This requires introducing a mechanism to monitor the clients (e.g. ping or timeout) and storing in the server state a queue of batches waiting for recovery. When a new batch is requested by a client, the next batch is provided from the recovery queue. Only if the recovery queue is empty can the cursor be moved forward and a new batch be distributed to a client.
