Jump to content
Nytro

AzTokenFinder

By Nytro, in Programe hacking

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

AzTokenFinder

Is a small tool to extract JWT (or JWT like looking data) from different processes, like PowerShell, Excel, Word or others. The idea was from another tool which I read about on Twitter, but I could not find it anymore. Maybe someone could give me a hint. 

AzTokenFinder.exe --help

  --processname         Names of process you want to parse. Please omit the ".exe".

  --processids          ProcessIDs you want to parse.

  --default             Enumerate Edge, Excel, Word, PowerShell, Teams, Onedrive and PowerPoint.

  --showexpiredtokes    (Default: false) Shows expired tokens.

  --help                Display this help screen.

  --version             Display version information.

How does it work

There is nothing special in it. It simply opens the processes you provide and searches through the memory for JWT like looking data and extracts them.

Note

It currently only works with x64 processes and it does not extract refresh tokens currently. Maybe I'll change this later.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...