HackingHash CrackerWeb Application Security

JWTRipper – Encoding Decoding and Brute-forcing JSON Web Token(JWT)


A command line tool for encoding, decoding and brute-forcing JSON Web Token(JWT). Learn more about JWT




Step-01: Clone the github repo and traverse to the mentioned folder.
git clone https://github.com/Virag007/JWTRipper.git && cd JWTRipper

Step-02: Install the required python library to smoothly run the tool.
pip install -r requirements.txt or pip3 install -r requirements.txt

Step-03: View the usage

python3 JWTRipper --help

usage: use "JWTRipper.py --help" for more information

Title: JWTRipper - JWT Encoder, Decoder & Brute-forcer
Author: Parag Thakur (aka Virag)
Twitter Handle: @_virag007
Description: A command line tool for encoding, decoding and brute-forcing JSON Web Token(JWT).

optional arguments:
  -h, --help            show this help message and exit
  -d DECODE, --decode DECODE
                        Decode a JWT Token
  --brute               Enable brute-force mode
  -w WORDLIST, --wordlist WORDLIST
                        Specify a wordlist for brute-forcing
  --version             Shows the version information and exit

Step-04: python3 JWTRipper
It is a menu driven program in which you are given three menus and depending upon the requirement you may select either of them. First will encode a JWT Token for you, second will decode header and payload fields of JWT Token for you and last will brute-force the secret key of JWT Token. (Note: For brute-forcing you must provide a wordlist file.)

Platform Supported





  1. Encode the JWT Token
  2. Decode the JWT Token
  3. Brute-force the JWT Token secret key
  4. Added cross-platform support (Linux and Windows till)
  5. Algorithm tested and support(HS256, HS384, HS512)
  6. Added support one-liner command for decoding and brute-forcing JWT Token.

Download JWTRipper

Fail2ban Attack monitor with Grafana

Previous article

Watcher – Open Source Cybersecurity Threat Hunting Platform

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *

More in Hacking