-
Notifications
You must be signed in to change notification settings - Fork 2
/
index.js
177 lines (164 loc) · 5.28 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
#!/usr/bin/env node
"use strict";
// Import modules
const cluster = require("cluster");
const crypto = require("crypto");
const bigInt = require("big-integer");
const generator = require("indexed-string-variation").generator;
const ProgressBar = require("progress");
const pkg = require("./package");
// Get cmd vars
const token = process.argv[2];
// Ordered by frequency http://letterfrequency.org/ and discarded some very unusual
const defaultAlphabet =
"etaoinsrhldcumfpgwybv0123456789kxjqz _-.ETAOINSRHLDCUMFPGWYBVKXJQZ";
const alphabet =
!process.argv[3] || process.argv[3] == "default"
? defaultAlphabet
: process.argv[3];
const maxLen = Number(process.argv[4]) || 12;
const maxCPUs = require("os").cpus().length;
const numCPUs = Math.min(Math.max(Number(process.argv[5]) || 1, 1), maxCPUs);
const start = Number(process.argv[6]) || 0;
const isValidJWT = token && token.split(".").length === 3;
// Check if the token is provided
if (typeof token === "undefined" || token === "--help" || !isValidJWT) {
console.log(
`multithread-jwt-cracker version ${pkg.version}
Usage:
multithread-jwt-cracker <token> [<alphabet>] [<maxLength>] [<threads>] [<start>]
token the full HS256 jwt token to crack
alphabet the alphabet to use for the brute force, type 'default' to omit (default: ${defaultAlphabet})
maxLength the max length of the string generated during the brute force (default: 12)
threads the number of threads to use (default: 1, max: ${maxCPUs})
start the index from where to start the search
`
);
process.exit(0);
}
// Initialize variables
const variations = generator(alphabet);
const batchSize = bigInt(String(100000));
const startTime = +new Date();
const [header, payload, signature] = token.split(".");
const content = `${header}.${payload}`;
const startCursor = bigInt(String(start));
let cursor = startCursor;
let len = variations(cursor).length;
let firstTick = true;
let secElapsed = 0;
// TODO: check if there's a faster way to do this
const generateSignature = function(content, secret) {
return crypto
.createHmac("sha256", secret)
.update(content)
.digest("base64")
.replace("=", "")
.replace("+", "-")
.replace("/", "_");
};
// Process current batch of secrets
const processBatch = (batch, cb) => {
const batchStart = bigInt(batch[0]);
const batchEnd = bigInt(batch[1]);
setImmediate(() => {
for (let i = batchStart; i.lesser(batchEnd); i = i.add(bigInt.one)) {
// Check current signature
if (generateSignature(content, variations(i)) == signature) {
// Secret found!
return cb(variations(i));
}
}
return cb();
});
};
// Main thread
if (cluster.isMaster) {
console.log(`
Cracking process started. (pid: ${process.pid})
Token: <${token}>
Alphabet: <${alphabet}>
maxLen: <${maxLen}>
threads: <${numCPUs}>
`);
const clusterMap = {};
for (let i = 0; i < numCPUs; ++i) {
const customId = i + 100;
const worker = cluster.fork({ workerId: customId });
clusterMap[worker.id] = customId;
worker.on("message", (msg) => {
switch (msg.type) {
case "next": {
const from = cursor;
const to = cursor.add(batchSize).minus(bigInt.one);
const batch = [from.toString(), to.toString()];
cursor = cursor.add(batchSize);
worker.send({ type: "batch", batch });
break;
}
case "success": {
console.log(`Secret found! Secret: ${msg.secret}`);
console.log("Time taken (sec):", secElapsed);
process.exit(0);
}
default:
console.log("Undefined message: " + JSON.stringify(msg));
}
});
}
console.log();
const bar = new ProgressBar(
"[:bar] length :current/:maxLen | cursor :cursor | :perSec secrets/sec | elapsed :secElapseds ",
{
complete: "=",
incomplete: " ",
width: 20,
total: maxLen + 1
}
);
setInterval(() => {
secElapsed = Math.floor((+new Date() - startTime) / 1000);
if (len > maxLen) {
console.log(
`The cracking process has reached the maximum length, no secret found. Exiting...`
);
process.exit();
}
const currentLen = variations(cursor).length;
const cursorPerSec = cursor.subtract(startCursor).divide(secElapsed);
bar.tick(firstTick ? currentLen : currentLen - len, {
cursor: cursor.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ","),
perSec: cursorPerSec.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ","),
secElapsed,
maxLen
});
firstTick = false;
len = currentLen;
}, 1000);
process.on("SIGINT", () => {
console.log(`
Cracking interrupted. Resume the process with:
multithread-jwt-cracker "${token}" "${alphabet}" ${maxLen} ${numCPUs} ${cursor}
`);
process.exit();
});
} else {
// Child-threads
process.send({ type: "next" });
process.on("message", (msg) => {
if (msg.type === 'batch') {
processBatch(msg.batch, (pwd) => {
if (typeof pwd === "undefined") {
process.send({ type: "next" });
} else {
console.log("Success!");
process.send({ type: "success", secret: pwd });
}
});
}
});
}
// Catch any exceptions
process.on('uncaughtException', function(err) {
console.error(err);
});