CLI Cheatsheet
Ready-to-use commands for operations too compute-heavy for the browser.
Browser vs CLI
JWT Arsenal handles all crypto in-browser. For GPU brute-force of weak HMAC secrets and RSA key recovery (GCD over 4096-bit numbers), you need dedicated CLI tools listed here.
Tool Setup
jwt_tool
git clone https://github.com/ticarpi/jwt_tool
cd jwt_tool
pip3 install -r requirements.txt
python3 jwt_tool.py --helprsa_sign2n
git clone https://github.com/silentsignal/rsa_sign2n
cd rsa_sign2n
pip3 install -r requirements.txt
python3 standalone/jwt_forgery.py --helpWordlists
Tool Reference
jwt_toolPython toolkit for JWT testing, tampering, and exploitation
rsa_sign2nRSA public key recovery from JWT signatures
hashcatGPU-accelerated password recovery (mode 16500 for JWT)
johnJohn the Ripper - classic CPU-based cracker