What is Reset Tolkien?
Reset Tolkien is a specialized tool designed for detecting and exploiting vulnerabilities related to time-based secrets. It is particularly useful for identifying and attacking tokens that rely on timestamp-based generation methods.
Usage
Reset Tolkien offers several commands for different tasks related to detecting and attacking time-based tokens:
Detecting Token Format:
To detect if a token is time-based, use:
reset-tolkien detect 660430516ffcf -d "Wed, 27 Mar 2024 14:42:25 GMT" --prefixes "attacker@example.com" --suffixes "attacker@example.com" --timezone "-7"
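An audit check for your own application's reset tokens, written for this page as an added example (it is not Reset Tolkien's code): it decodes the sample token above as a PHP uniqid() value (8 hex digits of seconds, 5 hex digits of microseconds), compares it with the response's Date header, and shows a CSPRNG-based replacement. The function names and the 5-second window are assumptions.

```python
import re
import secrets
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# PHP uniqid() without a prefix: sprintf("%08x%05x", seconds, microseconds)
UNIQID_RE = re.compile(r"[0-9a-f]{13}")


def decode_uniqid(token):
    """Return the UTC datetime embedded in a uniqid()-style token, or None."""
    if not UNIQID_RE.fullmatch(token):
        return None
    seconds = int(token[:8], 16)
    micros = int(token[8:], 16)
    if micros >= 1_000_000:  # 5 hex digits can exceed the valid microsecond range
        return None
    return datetime.fromtimestamp(seconds, tz=timezone.utc).replace(microsecond=micros)


def looks_time_based(token, date_header, window_seconds=5.0):
    """True if the token decodes to a time close to the HTTP Date header."""
    embedded = decode_uniqid(token)
    if embedded is None:
        return False
    issued = parsedate_to_datetime(date_header)
    if issued.tzinfo is None:  # a "-0000" offset parses as naive; treat it as UTC
        issued = issued.replace(tzinfo=timezone.utc)
    return abs((embedded - issued).total_seconds()) <= window_seconds


def new_reset_token():
    """Replacement with no time component: 256 bits from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # Token and Date header are the sample values from the detect command above.
    sample, header = "660430516ffcf", "Wed, 27 Mar 2024 14:42:25 GMT"
    print(decode_uniqid(sample), looks_time_based(sample, header))
    print(looks_time_based(new_reset_token(), header))
```

Run it against tokens issued by your own password-reset endpoint in a test environment: a match means the secret is derived from the server clock and should be replaced with a random one.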
Brute Force Attack:
To perform a brute force attack to find possible tokens:
reset-tolkien bruteforce 660430516ffcf -bt 1711550546.485597 -et 1711550546.505134 -o output.txt --token-format="uniqid"
Sandwich Attack:
To export possible tokens based on a time frame using the sandwich method:
reset-tolkien sandwich 660430516ffcf -bt 1711550546.485597 -et 1711550546.505134 -o output.txt --token-format="uniqid"
Supported Encoding and Hash Functions
Reset Tolkien supports various encoding and hash functions, including:
- base32
- base64
- urlencode
- hexint
- hexstr
- uniqid
- uuidv1
- shortuuid
- mongodb_objectid
- datetime
- datetimeRFC2822
- md5
- sha1
- sha224
- sha256
- sha384
- sha512
- sha3_224
- sha3_256
- sha3_384
- sha3_512
- blake_256
- blake_512
More Information
For detailed usage instructions and updates, refer to the Reset Tolkien GitHub repository.
Reset Tolkien is a specialized tool aimed at security researchers and developers to identify and mitigate vulnerabilities related to time-based token systems. Always ensure ethical use and proper authorization before testing or exploiting systems with such tools.