- Load default secrets and salts
- Encrypted Ruby on Rails tokens
- Ruby on Rails brute force logic
- Passive scan is disabled by default now
- Code refactoring
- New key derivation: Ruby Key Generator
- JSON editor for Ruby tokens
- Ruby on Rails signer was updated to support different Key Generators
- Code refactoring
- Default secret keys are now available in the Wordlist View
- The com.nimbusds.jwt SignedJWT parser was added to the finder logic. Note: RSA and ECDSA are not yet supported by the extension
- Tool name changed to SignSaboteur
- Unknown web signed tokens with an empty body are excluded from the search algorithm to avoid duplicates
- JWT finder separated from Flask/Django implementation
- Burp Suite Pro active scan is now supported. All identified signed strings are scanned for known secrets with the Fast algorithm
- Regex token search method was removed due to poor performance. A new search algorithm was introduced instead.
- JWT Tab was added for testing purposes
- Default keys dictionary
- Response body was removed from token parser logic due to performance issues
- Ruby signed cookie Tab
- Multithreading feature is available for brute force attack
- Brute force Deep mode supports Ruby, Ruby5 and Ruby truncated hashing key derivation
- Manual secret and salt item creation
- Brute force uses all known keys for all attack modes by default
- GitHub Actions
- Unknown signed string tab
- Enabled signers setting added to the main tab
- Known keys brute force technique added to the Attack mode
- Upgrade dependencies: org.json:json