docs: update docs with new parameters, bump version number

lmammino · Nov 1, 2023 · 875c121 · 875c121
1 parent 3a9b6b4
commit 875c121
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 # jwt-cracker
 
-Simple HS256 JWT token brute force cracker.
+Simple HS256, HS384 & HS512 JWT token brute force cracker.
 
 Effective only to crack JWT tokens with weak secrets.
 **Recommendation**: Use strong long secrets or RS256 tokens.
@@ -26,19 +26,19 @@ npm install --global jwt-cracker
 From command line:
 
 ```bash
-jwt-cracker -t <token> [-a <alphabet>] [--max <maxLength>]
+jwt-cracker -t <token> [-a <alphabet>] [--max <maxLength>] [-d <dictionaryFilePath>]
 ```
 
 Where:
 
-* **token**: the full HS256 JWT token string to crack
+* **token**: the full HS256-512 JWT token string to crack
 * **alphabet**: the alphabet to use for the brute force (default: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
 * **maxLength**: the max length of the string generated during the brute force (default: 12)
-
+* **dictionaryFilePath**: path to a list of passwords (one per line) to use instead of brute force
 
 ## Requirements
 
-This script requires Node.js version 6.0.0 or higher
+This script requires Node.js version 16.0.0 or higher
 
 ## Example
 
@@ -50,6 +50,13 @@ jwt-cracker -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwi
 
 It takes about 2 hours in a Macbook Pro (2.5GHz quad-core Intel Core i7).
 
+Or using a list of passwords taken from https://github.com/danielmiessler/SecLists
+
+```bash
+jwt-cracker -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ -d darkweb2017-top10000.txt
+```
+
+It takes less than a second.
 
 ## Contributing
 

diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "jwt-cracker",
-  "version": "3.0.0",
-  "description": "Simple HS256 JWT token brute force cracker",
+  "version": "4.0.0",
+  "description": "Simple HS256-512 JWT token brute force cracker",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -42,6 +42,10 @@
     {
       "name": "Rob Waller",
       "url": "https://github.com/RobDWaller"
+    },
+    {
+      "name": "Flibustier",
+      "url": "https://github.com/flibustier"
     }
   ],
   "repository": {