Merge pull request #71 from morpheuslord/jwt

Added JWT Token analysis

README.md

@@ -27,9 +27,11 @@ Simple import any of the 3 packages and then add define the variables accordingl
 from GVA.scanner import NetworkScanner
 from GVA.dns_recon import DNSRecon
 from GVA.geo import geo_ip_recon
+from GVA.jwt import JWTAnalyzer
 from GVA.menus import Menus
 from GVA.ai_models import NMAP_AI_MODEL
 from GVA.ai_models import DNS_AI_MODEL
+from GVA.ai_models import JWT_AI_MODEL
 from GVA.assets import Assets
 from GVA.subdomain import sub_enum
 from GVA import gui
@@ -40,6 +42,7 @@ geo_ip = geo_ip_recon()
 p_ai_models = NMAP_AI_MODEL()
 dns_ai_models = DNS_AI_MODEL()
 port_scanner = NetworkScanner()
+jwt_analizer = JWTAnalyzer()
 sub_recon = sub_enum()
 asset_codes = Assets()
 
@@ -48,7 +51,7 @@ asset_codes = Assets()
 lkey = "LLAMA API KEY"
 lendpoint = "LLAMA ENDPOINT"
 keyset = "AI API KEY"
-target_ip_hostname = "TARGET IP OR HOSTNAME"
+target_ip_hostname_or_token = "TARGET IP, HOSTNAME OR TOKEN"
 profile_num = "PROFILE FOR NMAP SCAN"
 ai_set = "AI OF CHOICE"
 akey_set = "OPENAI API KEY"
@@ -106,14 +109,14 @@ python gpt_vuln.py --help
 python gpt_vuln.py --r help
 
 # Specify target with the attack
-python gpt_vuln.py --target <IP> --attack dns/nmap
+python gpt_vuln.py --target <IP/hostname/token> --attack dns/nmap/jwt
 
 # Specify target and profile for nmap
-python gpt_vuln.py --target <IP> --attack nmap --profile <1-13>
+python gpt_vuln.py --target <IP/hostname/token> --attack nmap --profile <1-13>
 (Default:1)
 
 # Specify target for DNS no profile needed
-python gpt_vuln.py --target <IP or HOSTNAME> --attack dns
+python gpt_vuln.py --target <IP/hostname/token> --attack dns
 
 # Specify target for Subdomain Enumeration no profile used default list file
 python gpt_vuln.py --target <HOSTNAME> --attack sub
@@ -130,6 +133,9 @@ python gpt_vuln.py --target <IP> --attack nmap --profile <1-5> --ai llama /llama
 # Specify the AI to be used for dns
 python gpt_vuln.py --target <IP> --attack dns --ai llama /llama-api /bard / openai <default>
 
+# Specify the AI to be used for JWT analysis
+python gpt_vuln.py --target <token> --attack jwt --ai llama /llama-api /bard / openai <default>
+
 # Interactive step by step cli interface
 python gpt_vuln.py --menu True
 ```
@@ -154,6 +160,7 @@ python gpt_vuln.py --menu True
 │ 2       │ DNS Enum       │
 │ 3       │ Subdomain Enum │
 │ 4       │ GEO-IP Enum    │
+| 5       | JWT Analysis   |
 │ q       │ Quit           │
 └─────────┴────────────────┘
 Enter your choice:
@@ -424,6 +431,22 @@ Using the instruction set and the data provided via the prompt the llama AI gene
 For the most usage I suggest you create a runpod serverless endpoint deployment of llama you can refer to this tutorial for that [tutorial](https://www.youtube.com/watch?v=Ftb4vbGUr7U). Follow the tutorial for better use.
 ### Output
 
+#### JWT Output:
+
+```
+                                            GVA Report for JWT
+┏━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
+┃ Variables           ┃ Results                                                                          ┃
+┡━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
+│ Algorithm Used      │ HS256                                                                            │
+│ Header              │ eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9                                         │
+│ Payload             │ eyJzdWIiOiAiMTIzNDU2Nzg5MCIsICJuYW1lIjogIkpvaG4gRG9lIiwgImlhdCI6IDE1MTYyMzkwMjJ9 │
+│ Signature           │                                                                                  │
+│ PossibleAttacks     │ None identified                                                                  │
+│ VulnerableEndpoints │ Unable to determine without additional information                               │
+└─────────────────────┴──────────────────────────────────────────────────────────────────────────────────┘
+```
+
 #### Nmap output:
 
 ##### OpenAI and Bard:

commands/assets.py

@@ -75,6 +75,7 @@ def help_menu() -> None:
         console.print(table)
 
     def print_output(self, attack_type: str, jdata: str, ai: str) -> Any:
+        jdata = str(jdata)
         match attack_type:
             case "Nmap":
                 match ai:
@@ -122,6 +123,52 @@ def print_output(self, attack_type: str, jdata: str, ai: str) -> Any:
                             border_style="blue",
                         )
                         print(message_panel)
+            case "JWT":
+                match ai:
+                    case 'openai':
+                        data = json.loads(jdata)
+                        table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta")
+                        table.add_column("Variables", style="cyan")
+                        table.add_column("Results", style="green")
+
+                        for key, value in data.items():
+                            table.add_row(str(key), str(value))
+                        print(table)
+                    case 'bard':
+                        data = json.loads(jdata)
+                        table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta")
+                        table.add_column("Variables", style="cyan")
+                        table.add_column("Results", style="green")
+
+                        for key, value in data.items():
+                            table.add_row(str(key), str(value))
+                        print(table)
+                    case 'llama':
+                        ai_out = Markdown(jdata)
+                        message_panel = Panel(
+                            Align.center(
+                                Group("\n", Align.center(ai_out)),
+                                vertical="middle",
+                            ),
+                            box=box.ROUNDED,
+                            padding=(1, 2),
+                            title="[b red]The GVA LLama2",
+                            border_style="blue",
+                        )
+                        print(message_panel)
+                    case 'llama-api':
+                        ai_out = Markdown(jdata)
+                        message_panel = Panel(
+                            Align.center(
+                                Group("\n", Align.center(ai_out)),
+                                vertical="middle",
+                            ),
+                            box=box.ROUNDED,
+                            padding=(1, 2),
+                            title="[b red]The GVA LLama2",
+                            border_style="blue",
+                        )
+                        print(message_panel)
             case "DNS":
                 match ai:
                     case 'openai':

commands/jwt.py

@@ -0,0 +1,71 @@
+import jwt
+import json
+import base64
+from datetime import datetime
+from typing import Optional
+
+
+class JWTAnalyzer:
+
+    def analyze(self, AIModels, token, openai_api_token: Optional[str], bard_api_token: Optional[str], llama_api_token: Optional[str], llama_endpoint: Optional[str], AI: str) -> str:
+        try:
+            self.algorithm_used = ""
+            self.decoded_payload = ""
+            self.expiration_time = ""
+            parts = token.split('.')
+            if len(parts) != 3:
+                raise ValueError("Invalid token format. Expected 3 parts.")
+
+            header = json.loads(base64.urlsafe_b64decode(parts[0] + '===').decode('utf-8', 'replace'))
+            self.algorithm_used = header.get('alg', 'Unknown Algorithm')
+            payload = json.loads(base64.urlsafe_b64decode(parts[1] + '===').decode('utf-8', 'replace'))
+            self.decoded_payload = payload
+            self.claims = {key: value for key, value in payload.items()}
+            if 'exp' in payload:
+                self.expiration_time = datetime.utcfromtimestamp(payload['exp'])
+            self.analysis_result = {
+                'Algorithm Used': self.algorithm_used,
+                'Decoded Payload': self.decoded_payload,
+                'Claims': self.claims,
+                'Expiration Time': self.expiration_time
+            }
+            str_data = str(self.analysis_result)
+            match AI:
+                case 'openai':
+                    try:
+                        if openai_api_token is not None:
+                            pass
+                        else:
+                            raise ValueError("KeyNotFound: Key Not Provided")
+                        response = AIModels.gpt_ai(str_data, openai_api_token)
+                    except KeyboardInterrupt:
+                        print("Bye")
+                        quit()
+                case 'bard':
+                    try:
+                        if bard_api_token is not None:
+                            pass
+                        else:
+                            raise ValueError("KeyNotFound: Key Not Provided")
+                        response = AIModels.BardAI(bard_api_token, str_data)
+                    except KeyboardInterrupt:
+                        print("Bye")
+                        quit()
+                case 'llama':
+                    try:
+                        response = AIModels.llama_AI(str_data, "local", llama_api_token, llama_endpoint)
+                    except KeyboardInterrupt:
+                        print("Bye")
+                        quit()
+                case 'llama-api':
+                    try:
+                        response = AIModels.Llama_AI(str_data, "runpod", llama_api_token, llama_endpoint)
+                    except KeyboardInterrupt:
+                        print("Bye")
+                        quit()
+            final_data = str(response)
+            return final_data
+        except jwt.ExpiredSignatureError:
+            self.analysis_result = {'Error': 'Token has expired.'}
+        except jwt.InvalidTokenError as e:
+            self.analysis_result = {'Error': f'Invalid token: {e}'}