CVE-2018-0114

Published: 04/01/2018 Updated: 04/09/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 509
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

A vulnerability in the Cisco node-jose open source library prior to 0.11.0 could allow an unauthenticated, remote malicious user to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
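A verifier avoids this class of flaw by resolving the verification key only from keys it has pinned itself and treating a `jwk` header member as untrusted input. The sketch below is an added example, not node-jose code and not the 0.11.0 fix; the function names, the `kid`-based lookup and the `key-1` identifier are assumptions, and all sample tokens are constructed.

```javascript
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// RFC 7638 thumbprint of an RSA JWK (required members, lexicographic order).
function rsaThumbprint(jwk) {
  const canonical = JSON.stringify({ e: jwk.e, kty: jwk.kty, n: jwk.n });
  return crypto.createHash('sha256').update(canonical).digest('base64url');
}

// Verify a compact RS256 JWS with keys from `trusted` (kid -> public JWK) only.
// A "jwk" header member is sender-controlled input, never a verification key.
function verifyWithTrustedKeys(token, trusted) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header;
  try { header = dec(parts[0]) || {}; } catch { return { ok: false, reason: 'malformed' }; }
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected-alg' };
  const pinned = new Set(Object.values(trusted).map(rsaThumbprint));
  if (header.jwk && !pinned.has(rsaThumbprint(header.jwk)))
    return { ok: false, reason: 'embedded-jwk-not-trusted' };
  const known = Object.prototype.hasOwnProperty.call(trusted, header.kid);
  if (!known) return { ok: false, reason: 'unknown-kid' };
  const key = crypto.createPublicKey({ key: trusted[header.kid], format: 'jwk' });
  const sig = Buffer.from(parts[2], 'base64url');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`), key, sig);
  return ok ? { ok: true, claims: dec(parts[1]) } : { ok: false, reason: 'bad-signature' };
}

// Constructed sample data: one pinned key pair and one unrelated public key.
function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pair = gen();
  const trusted = { 'key-1': pair.publicKey.export({ format: 'jwk' }) };
  const body = enc({ sub: 'alice' }), h1 = enc({ alg: 'RS256', kid: 'key-1' });
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${h1}.${body}`), pair.privateKey).toString('base64url');
  // Header that embeds a key the verifier never pinned; the signature is a placeholder.
  const h2 = enc({ alg: 'RS256', kid: 'key-1', jwk: gen().publicKey.export({ format: 'jwk' }) });
  return {
    good: verifyWithTrustedKeys(`${h1}.${body}.${sig}`, trusted),
    tampered: verifyWithTrustedKeys(`${h1}.${enc({ sub: 'admin' })}.${sig}`, trusted),
    embedded: verifyWithTrustedKeys(`${h2}.${body}.${enc('placeholder')}`, trusted),
  };
}
```

The `embedded-jwk-not-trusted` result is also a useful log field: a token that carries an unpinned `jwk` is worth alerting on even though it is rejected.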

Vulnerable Product

cisco node-jose

Exploits

import base64 import urllib import rsa import sys #zi0Black ''' POC of CVE-2018-0114 Cisco node-jose < 0.11.0 Created by Andrea Cappa aka @zi0Black (GitHub,Twitter,Telegram) Mail: acappa@zioblackxyz Site: zioblackxyz A special thanks to Louis Nyffenegger, the founder of PentesterLab, for all the help he provided to allow me to wri ...
Cisco node-jose versions prior to 0.11.0 re-sign tokens proof of concept exploit ...

Github Repositories

A CLI to make it easier to work with JWTs when doing pentests/security reviews

FORGER: This CLI aims to make it easier to work with JWTs when doing security reviews. Examples of use cases: prints a decoded token; prints a JWK JSON file given a key (possibility to include a cert as well); makes it possible to (in an easy way) change values of properties in a JWT; generate self-signed tokens; etc. print: Prints the base64 token as JSON (skipping the signature)

Some good-boy scripts I've made throughout my time learning aggressive infosec

pentester-bounty-hunter-scripts: Just posting some of the scripts I write as I strengthen my pythonic coding, some exploit scripts as I work through their write-ups and attempt to develop my own PoCs, as well as random scripts from one-off challenges or snippets undeserving of an entire GitHub shrine dedicated to their rancid memory. Thanks for reading and checking out my

Automate JWT Exploit (CVE-2018-0114)

jwt-spoof-tool. Tool Description: I made this tool for learning purposes and for automating JWT token hijacking without depending on Burp Suite. The code is well documented and easy to follow. Based on CVE-2018-0114. The vulnerability happened because, in the backend, the server checks the jwk object embedded inside the JWT header; it contains n and e, which are 2 parameters used to form the publi

Explore and learn about JWT vulnerabilities through hands-on security labs. Perfect for cybersecurity enthusiasts, developers, and learners!

JWT Hacking Lab. Welcome to the JWT Hacking Lab! This project is a fantastic hands-on playground designed to help you dig deep into the world of JSON Web Token (JWT) security. Labs and Learning Objectives: Our labs, each focusing on a specific JWT-related vulnerability, are as follows: Secrets Under the Rug: Exploiting Weak HMAC Secrets: This lab tea

A PowerShell module that contains functions to create, validate, and test JSON Web Tokens (JWT) as well as the creation of JSON Web Keys (JWK).

ReadMe: PSJsonWebToken. This PowerShell module contains functions to create, validate, and test JSON Web Tokens (JWT) per RFC 7519 and RFC 7515. Additional functionality is included for the creation of JSON Web Keys (JWK) per RFC 7517. Tested on Windows 10/11, Linux, macOS. Requirements: Requires PowerShell 5.1 or above. Installation: Install-Module -Name PSJsonWebTo

POC for CVE-2018-0114 written in Go

CVE-2018-0114 POC: A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing

Exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT.

CVE-2018-0114: Exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT. This vulnerability in Cisco's node-jose allows an attacker to forge malicious tokens. JWT allows users to embed public keys (using the jwk value) inside the header of the token. However, the application should never trust those keys as an attacker can provid

python2.7 script for JWT generation

CVE-2018-0114: python2.7 script for JWT generation. CVE-2018-0114: A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard sp

CVE-2018-0114: before 0.11.0, an unauthenticated remote attacker can re-sign using a key embedded in the token. www.cvedetails.com/cve/CVE-2018-0114/

JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing.

JWT FuzzHelper for Burp. Purpose: JSON Web Token (JWT) support for Burp Intruder. This extension adds a payload processor for fuzzing JWT claims. Comparison: JOSEPH and JSON Web Tokens are two extensions that automate some common attacks and provide various views for JWTs. This extension complements those by providing an Intruder hook for more targeted fuzzing and on-the-fly mani

This repository contains the POC of an exploit for node-jose < 0.11.0

POC-CVE-2018-0114: This repository contains the POC of an exploit for node-jose < 0.11.0. Getting Started: A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standa

Exploit for Node-jose < 0.11.0 written in Ruby

CVE-2018-0114: Exploit for Node-jose < 0.11.0 written in Ruby. Usage: just input victim name into code and run the file via ruby /exploitrb. A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose follow

CVE-2018-0114-Exploit: A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) represen