Tags: ticarpi/jwt_tool

v2.2.7

Update for v2.2.7

v2.2.6

v2.2.6

[+] Fixed alg issue in prompt (thanks @jwutzke)
[+] Implemented a no-redirect option to avoid 301/302 ambiguous results (`-nr`/`--no-redirect`) (thanks @TheREK3R)
[+] Improved some JWKS/kid handling
[+] Fixed non-ASCII password issue on Playbook Scan
Bugfixes

v2.2.5

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
v2.2.5

[+] NEW Dockerfile
[+] Config and logs now moved to {HOME}/.jwt_tool to facilitate Docker builds and better file management

v2.2.4

Verified

v2.2.4

[+] NEW 'verbose' mode: read token in original context, base64-decoded (`-v`/`--verbose`)  
Bugfixes:  
* fixed cprint() missing args
* fixed curl payload injection whitespace

v2.2.1

Verified

v2.2.1

[+] New scan test (re-signing of tokens with common passwords) in 'Playbook' scan mode (`-M pb`)  
[+] Added new hard-coded secret from CVE-2020-1764 to jwt-common.txt
Bugfixes:
* Replacing '%' in URL encoded targetUrl to avoid interpolation syntax errors

2.2.0

Verified

v2.2.0

[+] NEW exploit: blank password in signature (`-X b`)  
[+] NEW 'bare' mode: return only tokens to stdout - for using with upcoming integrations (`-b`)  
[+] additional checks in 'Playbook' scan mode (`-M pb`)  
[+] reordered help options to group similar options  
Bugfixes:  
* fixed Playbook scanner glitches
* fixed config file generation issues

2.1.0

Verified

v2.1.0

[+] NEW exploit: null signature (`-X n`)  
[+] NEW scanner mode: Inject Common Claims (`-M cc`)  
[+] additional checks in 'Playbook' scan mode (`-M pb`)  
[+] multiple custom headers now supported (`-rh`)  
[+] reflective JWKS URL created automatically in config file - for JKU/Spoof JWKS attacks (`-X s`)  
[+] checks added for old/incompatible config files  
[+] report on long HTTP response times  
Bugfixes:  
* fixed colours not working in Windows cmd/Powershell  
* fixed capitalisation issue in config file  
* fixed broken null signed kid attacks in ScanModePlaybook()

v2.0.2

Verified

v2.0.2 - bugfixes for nested JSON in Tamper mode

v1.3.5

Verified

v1.3.5 - improved reading of nested JSON in claims

[+] Enabled reading of multiple-level nesting of JSON objects in claims (thanks @frani @fredsibcald @ASoggySandal)
Fixed function names and text referencing 'key length' where it should have been 'hash length' (thanks @floyd-fuh)