├── .gitignore
├── BappDescription.html
├── BappManifest.bmf
├── LICENSE
├── README.md
├── docs
│   ├── auto_select.png
│   ├── forge_public_key.png
│   └── manual_select.png
├── gradle
│   ├── libs.versions.toml
│   └── wrapper
│       ├── gradle-wrapper.jar
│       └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── settings.gradle
└── src
    ├── main
    │   ├── java
    │   │   └── ch
    │   │       └── csnc
    │   │           └── burp
    │   │               └── jwtscanner
    │   │                   ├── Base64.java
    │   │                   ├── CommentHttpHandler.java
    │   │                   ├── ContextMenu.java
    │   │                   ├── CosineSimilarity.java
    │   │                   ├── Gmp.java
    │   │                   ├── Gson.java
    │   │                   ├── Jwk.java
    │   │                   ├── Jwks.java
    │   │                   ├── Jwt.java
    │   │                   ├── JwtAuditIssues.java
    │   │                   ├── JwtInsertionPointProvider.java
    │   │                   ├── JwtScanCheck.java
    │   │                   ├── JwtScannerExtension.java
    │   │                   ├── Logging.java
    │   │                   ├── Rsa.java
    │   │                   ├── Sign2n.java
    │   │                   ├── Storage.java
    │   │                   └── checks
    │   │                       ├── Check.java
    │   │                       ├── CheckAlg.java
    │   │                       ├── CheckAlgConfusionExposedPublicKey.java
    │   │                       ├── CheckAlgConfusionForgedPublicKey.java
    │   │                       ├── CheckAlgNone.java
    │   │                       ├── CheckEmptyPassword.java
    │   │                       ├── CheckExpiredJwtAccepted.java
    │   │                       ├── CheckInvalidEcdsa.java
    │   │                       ├── CheckInvalidSignature.java
    │   │                       ├── CheckJkuHeaderInjection.java
    │   │                       ├── CheckJkuPingback.java
    │   │                       ├── CheckJwkHeaderInjection.java
    │   │                       ├── CheckJwks.java
    │   │                       ├── CheckJwtExists.java
    │   │                       ├── CheckJwtExpired.java
    │   │                       ├── CheckJwtHasExpiry.java
    │   │                       ├── CheckKidHeaderPathTraversal.java
    │   │                       ├── CheckWithoutSignature.java
    │   │                       └── Checks.java
    │   └── resources
    │       └── natives
    │           ├── Makefile
    │           ├── gmpwrapper.c
    │           ├── gmpwrapper.h
    │           ├── linux_64
    │           │   ├── libgmp.a
    │           │   └── libgmpwrapper.so
    │           ├── osx_64
    │           │   ├── libgmp.a
    │           │   └── libgmpwrapper.dylib
    │           ├── osx_arm64
    │           │   ├── libgmp.a
    │           │   └── libgmpwrapper.dylib
    │           └── windows_64
    │               ├── gmp.lib
    │               └── gmpwrapper.dll
    └── test
        └── java
            └── ch
                └── csnc
                    └── burp
                        └── jwtscanner
                            ├── CosineSimilarityTest.java
                            ├── JwkTest.java
                            ├── JwksTest.java
                            ├── JwtTest.java
                            ├── RsaTest.java
                            └── Sign2nTest.java
/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/.gitignore
--------------------------------------------------------------------------------
/BappDescription.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/BappDescription.html
--------------------------------------------------------------------------------
/BappManifest.bmf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/BappManifest.bmf
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/README.md
--------------------------------------------------------------------------------
/docs/auto_select.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/docs/auto_select.png
--------------------------------------------------------------------------------
/docs/forge_public_key.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/docs/forge_public_key.png
--------------------------------------------------------------------------------
/docs/manual_select.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/docs/manual_select.png
--------------------------------------------------------------------------------
/gradle/libs.versions.toml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/gradle/libs.versions.toml
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/gradle/wrapper/gradle-wrapper.properties
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/gradlew
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/gradlew.bat
--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
1 | rootProject.name = "jwt-scanner" // Name Gradle assigns to the root project of this build.
2 |
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Base64.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Base64.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/CommentHttpHandler.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/CommentHttpHandler.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/ContextMenu.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/ContextMenu.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/CosineSimilarity.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/CosineSimilarity.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Gmp.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Gmp.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Gson.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Gson.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Jwk.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Jwk.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Jwks.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Jwks.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Jwt.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Jwt.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/JwtAuditIssues.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/JwtAuditIssues.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/JwtInsertionPointProvider.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/JwtInsertionPointProvider.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/JwtScanCheck.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/JwtScanCheck.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/JwtScannerExtension.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/JwtScannerExtension.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Logging.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Logging.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Rsa.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Rsa.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Sign2n.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Sign2n.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/Storage.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/Storage.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/Check.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/Check.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlg.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlg.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlgConfusionExposedPublicKey.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlgConfusionExposedPublicKey.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlgConfusionForgedPublicKey.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlgConfusionForgedPublicKey.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlgNone.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckAlgNone.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckEmptyPassword.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckEmptyPassword.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckExpiredJwtAccepted.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckExpiredJwtAccepted.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckInvalidEcdsa.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckInvalidEcdsa.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckInvalidSignature.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckInvalidSignature.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJkuHeaderInjection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJkuHeaderInjection.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJkuPingback.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJkuPingback.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwkHeaderInjection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwkHeaderInjection.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwks.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwks.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwtExists.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwtExists.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwtExpired.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwtExpired.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwtHasExpiry.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckJwtHasExpiry.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckKidHeaderPathTraversal.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckKidHeaderPathTraversal.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckWithoutSignature.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/CheckWithoutSignature.java
--------------------------------------------------------------------------------
/src/main/java/ch/csnc/burp/jwtscanner/checks/Checks.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/java/ch/csnc/burp/jwtscanner/checks/Checks.java
--------------------------------------------------------------------------------
/src/main/resources/natives/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/Makefile
--------------------------------------------------------------------------------
/src/main/resources/natives/gmpwrapper.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/gmpwrapper.c
--------------------------------------------------------------------------------
/src/main/resources/natives/gmpwrapper.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/gmpwrapper.h
--------------------------------------------------------------------------------
/src/main/resources/natives/linux_64/libgmp.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/linux_64/libgmp.a
--------------------------------------------------------------------------------
/src/main/resources/natives/linux_64/libgmpwrapper.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/linux_64/libgmpwrapper.so
--------------------------------------------------------------------------------
/src/main/resources/natives/osx_64/libgmp.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/osx_64/libgmp.a
--------------------------------------------------------------------------------
/src/main/resources/natives/osx_64/libgmpwrapper.dylib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/osx_64/libgmpwrapper.dylib
--------------------------------------------------------------------------------
/src/main/resources/natives/osx_arm64/libgmp.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/osx_arm64/libgmp.a
--------------------------------------------------------------------------------
/src/main/resources/natives/osx_arm64/libgmpwrapper.dylib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/osx_arm64/libgmpwrapper.dylib
--------------------------------------------------------------------------------
/src/main/resources/natives/windows_64/gmp.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/windows_64/gmp.lib
--------------------------------------------------------------------------------
/src/main/resources/natives/windows_64/gmpwrapper.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/main/resources/natives/windows_64/gmpwrapper.dll
--------------------------------------------------------------------------------
/src/test/java/ch/csnc/burp/jwtscanner/CosineSimilarityTest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/test/java/ch/csnc/burp/jwtscanner/CosineSimilarityTest.java
--------------------------------------------------------------------------------
/src/test/java/ch/csnc/burp/jwtscanner/JwkTest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/test/java/ch/csnc/burp/jwtscanner/JwkTest.java
--------------------------------------------------------------------------------
/src/test/java/ch/csnc/burp/jwtscanner/JwksTest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/test/java/ch/csnc/burp/jwtscanner/JwksTest.java
--------------------------------------------------------------------------------
/src/test/java/ch/csnc/burp/jwtscanner/JwtTest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/test/java/ch/csnc/burp/jwtscanner/JwtTest.java
--------------------------------------------------------------------------------
/src/test/java/ch/csnc/burp/jwtscanner/RsaTest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/test/java/ch/csnc/burp/jwtscanner/RsaTest.java
--------------------------------------------------------------------------------
/src/test/java/ch/csnc/burp/jwtscanner/Sign2nTest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CompassSecurity/jwt-scanner/HEAD/src/test/java/ch/csnc/burp/jwtscanner/Sign2nTest.java
--------------------------------------------------------------------------------