myjwt API Essentials
This section exposes the API for all the myjwt functionality that will be necessary for most users.
myjwt vulnerabilities
All methods needed to test a jwt for vulnerabilities.
- myjwt.vulnerabilities.bruteforce_wordlist(jwt: str, filename: str) -> str
Crack your jwt with wordlist.
- Parameters
jwt (str) – your jwt string.
filename (str) – path to your wordlist txt file.
- Returns
your new jwt or “” if the valid key is not found.
- Return type
str
- Raises
InvalidJWT – if your jwt is not valid.
- myjwt.vulnerabilities.confusion_rsa_hmac(jwt: str, filename: str) -> str
Check rsa/hmac confusion.
- Parameters
jwt (str) – your jwt string.
filename (str) – path to your public key file.
- Returns
your new jwt.
- Return type
str
- Raises
InvalidJWT – if your jwt is not valid.
- myjwt.vulnerabilities.inject_sql_kid(jwt: str, injection: str) -> str
Inject sql into your jwt.
- Parameters
jwt (str) – your jwt.
injection (str) – your kid injection.
- Returns
your new jwt.
- Return type
str
- Raises
InvalidJWT – if your jwt is not valid.
- myjwt.vulnerabilities.jku_vulnerability(jwt=None, url=None, file=None, pem=None)
Check jku Vulnerability.
- Parameters
jwt (str) – your jwt.
url (str) – your url.
file (str) – your output json file name
pem (str) – pem file name
- Returns
your new jwt.
- Return type
str
- myjwt.vulnerabilities.none_vulnerability(jwt: str) -> str
Check none Vulnerability.
- Parameters
jwt (str) – your jwt string.
- Returns
your new jwt.
- Return type
str
- Raises
InvalidJWT – if your jwt is not valid.
- myjwt.vulnerabilities.print_decoded(jwt: str)
Print your jwt.
- Parameters
jwt (str) – your jwt.
- Returns
Print your jwt.
- Return type
None
- myjwt.vulnerabilities.send_jwt_to_url(url: str, method: str, data: Dict, cookies: Dict, jwt: str) -> requests.models.Response
- Parameters
url (str) – your url.
method (str) – HTTP method (GET, POST, etc.).
data (Dict) – json to send.
cookies (Dict) – cookies to send.
jwt (str) – your jwt.
- Returns
Response
- Return type
requests.Response
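The functions above produce tokens that probe a verifier for the none algorithm, RSA/HMAC confusion, kid injection and jku key fetching. As an added example (not part of myjwt or its documentation), this standard-library sketch shows the verifier-side checks that make each of those token classes fail. It assumes a service that issues HS256 only; ALLOWED_ALG, make_token, verify and the key ids are hypothetical names.

```python
import base64, hashlib, hmac, json

ALLOWED_ALG = "HS256"                       # assumption: this service only issues HS256
REMOTE_KEY_HEADERS = {"jku", "jwk", "x5u"}  # headers that let a token name its own key

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header: dict, payload: dict, key: bytes) -> str:
    """Build a constructed HS256-signed sample token to feed verify()."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, payload))
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url_encode(sig)

def verify(token: str, keys: dict) -> dict:
    """Return the payload, or raise ValueError naming why the token is rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("undecodable segment") from None
    if not isinstance(header, dict):
        raise ValueError("header is not an object")
    # The accepted algorithm is server policy; the header value is only compared to it.
    if header.get("alg") != ALLOWED_ALG:
        raise ValueError("alg not allowed")
    if header.keys() & REMOTE_KEY_HEADERS:
        raise ValueError("token-supplied key source")
    # kid is an exact-match dictionary key, never part of a query or file path.
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in keys:
        raise ValueError("unknown kid")
    key = keys[kid]
    # A PEM public key configured as an HMAC secret is the RSA/HMAC confusion setup.
    if b"-----BEGIN" in key:
        raise ValueError("asymmetric key used as HMAC secret")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return payload
```

Running a myjwt-generated token through a verifier built this way should end in one of the ValueError reasons rather than a returned payload.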
myjwt modify jwt
Package for modifying your jwt (header, payload, signature).
- myjwt.modify_jwt.add_header(jwt_json: Dict, header: Dict) -> Dict
Add new key:value to jwt’s header.
- Parameters
jwt_json (Dict) – your jwt json (use encode_to_json. Check Doc).
header (Dict) – add value to your header.
- Returns
a new jwt in json format.
- Return type
Dict
- Raises
InvalidJwtJson – if your jwt_json is not a Dict.
InvalidParam – if your header is not a Dict.
- myjwt.modify_jwt.add_payload(jwt_json: Dict, payload) -> Dict
Add new key:value to jwt’s payload.
- Parameters
jwt_json (Dict) – your jwt json (use encode_to_json. Check Doc).
payload (Dict) – add value to your payload.
- Returns
a new jwt in json format.
- Return type
Dict
- Raises
InvalidJwtJson – if your jwt_json is not a Dict.
InvalidParam – if your payload is not a Dict.
- myjwt.modify_jwt.change_alg(jwt_json: Dict, algo: str) -> Dict
Change alg of your jwt.
- Parameters
jwt_json (Dict) – your jwt json (use encode_to_json. Check Doc).
algo (str) – new algo.
- Returns
a new jwt in json format.
- Return type
Dict
- Raises
InvalidJwtJson – if your jwt_json is not a Dict.
- myjwt.modify_jwt.change_payload(jwt_json: Dict, payload: Dict) -> Dict
Replace the current payload of your jwt_json with the new payload given.
- Parameters
jwt_json (Dict) – your jwt json (use encode_to_json. Check Doc).
payload (Dict) – new payload
- Returns
a new jwt in json format.
- Return type
Dict
- Raises
InvalidJwtJson – if your jwt_json is not a Dict.
- myjwt.modify_jwt.signature(jwt_json: Dict, key: str) -> str
Sign your jwt.
- Parameters
jwt_json (Dict) – your jwt json (use encode_to_json. Check Doc).
key (str) – key for signing your new jwt.
- Returns
new jwt.
- Return type
str
- Raises
InvalidJwtJson – if your jwt_json is not a Dict.
UnknownAlg – if your alg is not a valid alg. Accepted: none, HS{256,384,512}.
myjwt utils
Utils package
- myjwt.utils.copy_to_clipboard(jwt: str) -> None
Copy txt to clipboard.
- Parameters
jwt (str) – your jwt.
- myjwt.utils.encode_jwt(jwt_json: Dict) -> str
Transform your jwt dict to a jwt string without “.” + signature.
- Parameters
jwt_json (Dict) – dict with key header and payload.
- Returns
jwt string encoded
- Return type
str
- myjwt.utils.encoded_to_json(encoded_string: str) -> Dict
Transform your encoded string to dict.
- Parameters
encoded_string (str) – your string base64 encoded.
- Returns
your string cast to a dict.
- Return type
Dict
- myjwt.utils.is_valid_jwt(jwt: str) -> bool
Check your jwt.
- Parameters
jwt (str) – jwt string.
- Returns
True if jwt is valid, False otherwise.
- Return type
bool
myjwt Exception
Exception package