rmyjwt API Essentials

This section exposes the API for all the myjwt functionality that will be necessary for most users.

myjwt vulnerabilities

All methods needed to try vulnerabilities on jwt

myjwt.vulnerabilities.bruteforce_wordlist(jwt: str, filename: str)str[source]

Crack your jwt with wordlist.

Parameters
  • jwt (str) – your jwt string.

  • filename (str) – path file of your wordlist txt file.

Returns

your new jwt or “” if the valid key is not found.

Return type

str

Raises

InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.confusion_rsa_hmac(jwt: str, filename: str)str[source]

Check rsa/hmac confusion.

Parameters
  • jwt (str) – your jwt string.

  • filename (str) – path file of your public key.

Returns

your new jwt.

Return type

str

Raises

InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.inject_sql_kid(jwt: str, injection: str)str[source]

Inject sql to your jwt.

Parameters
  • jwt (str) – your jwt.

  • injection (str) – your kid injection.

Returns

your new jwt.

Return type

str

Raises

InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.jku_vulnerability(jwt=None, url=None, file=None, pem=None)[source]

Check jku Vulnerability.

Parameters
  • jwt (str) – your jwt.

  • url (str) – your url.

  • file (str) – your output json file name

  • pem (str) – pem file name

Returns

your new jwt.

Return type

str

myjwt.vulnerabilities.none_vulnerability(jwt: str)str[source]

Check none Vulnerability.

Parameters

jwt (str) – your jwt string.

Returns

your new jwt.

Return type

str

Raises

InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.print_decoded(jwt: str)[source]

Print your jwt.

Parameters

jwt (str) – your jwt.

Returns

Print your jwt.

Return type

None

myjwt.vulnerabilities.send_jwt_to_url(url: str, method: str, data: Dict, cookies: Dict, jwt: str)requests.models.Response[source]
Parameters
  • url (str) – your url.

  • method (str) – method (GET, POST, etc…..).

  • data (Dict) – json to send.

  • cookies (Dict) – cookies to send.

  • jwt (str) – your jwt.

Returns

Response

Return type

requests.Response

myjwt.vulnerabilities.x5u_vulnerability(jwt=None, url=None, crt=None, pem=None, file=None)[source]

Check jku Vulnerability.

Parameters
  • jwt (str) – your jwt.

  • url (str) – your url.

  • crt (str) – crt path file

  • pem (str) – pem file name

  • file (str) – jwks file name

Returns

your new jwt.

Return type

str

myjwt modify jwt

Package for modify your jwt(header, payload, signature)

myjwt.modify_jwt.add_header(jwt_json: Dict, header: Dict)Dict[source]

Add new key:value to jwt’s header.

Parameters
  • jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).

  • header (Dict) – add value to your header.

Returns

a new jwt in json format.

Return type

Dict

Raises
myjwt.modify_jwt.add_payload(jwt_json: Dict, payload)Dict[source]

Add new key:value to jwt’s payload.

Parameters
  • jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).

  • payload (Dict) – add value to your payload.

Returns

a new jwt in json format.

Return type

Dict

Raises
myjwt.modify_jwt.change_alg(jwt_json: Dict, algo: str)Dict[source]

Change alg of your jwt.

Parameters
  • jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).

  • algo (str) – new algo.

Returns

a new jwt in json format.

Return type

Dict

Raises

InvalidJwtJson – if your jwt_json is not a Dict.

myjwt.modify_jwt.change_payload(jwt_json: Dict, payload: Dict)Dict[source]

Change the current payload to your jwt_json for the new payload given.

Parameters
  • jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).

  • payload (Dict) – new payload

Returns

a new jwt in json format.

Return type

Dict

Raises

InvalidJwtJson – if your jwt_json is not a Dict.

myjwt.modify_jwt.signature(jwt_json: Dict, key: str)str[source]

Sign your jwt.

Parameters
  • jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).

  • key (str) – key for dign your new jwt.

Returns

new jwt.

Return type

str

Raises
  • InvalidJwtJson – if your jwt_json is not a Dict.

  • UnknownAlg – if your alg is not a valid alg. Accepted: none, HS{256,384,512}.

myjwt utils

Utils package

myjwt.utils.copy_to_clipboard(jwt: str)None[source]

Copy txt to clipboard.

Parameters

jwt (str) – your jwt.

myjwt.utils.create_crt()[source]

Create crt + pem

Returns

crt + pem

Return type

str, str

myjwt.utils.encode_jwt(jwt_json: Dict)str[source]

Transform your jwt dict to a jwt string without “.” + signature.

Parameters

jwt_json (Dict) – dict with key header and payload.

Returns

jwt string encoded

Return type

str

myjwt.utils.encoded_to_json(encoded_string: str)Dict[source]

Transform your encoded string to dict.

Parameters

encoded_string (str) – your string base64 encoded.

Returns

your string cast to a dict.

Return type

Dict

myjwt.utils.is_valid_jwt(jwt: str)bool[source]

Check your jwt.

Parameters

jwt (str) – jwt string.

Returns

True if jwt is valid , False else

Return type

bool

myjwt.utils.is_valid_jwt_json(jwt_json: Dict)bool[source]

Check your jwt dict.

Parameters

jwt_json (Dict) – your jwt dict.

Returns

True if jwt_json is valid , False else

Return type

bool

myjwt.utils.jwt_to_json(jwt: str)Dict[source]

Transform your jwt’s string to a dict.

Parameters

jwt (str) – your jwt.

Returns

a dict with key: header with value base64_decode(header), payload with value base64_decode(payload), and signature with value signature.

Return type

Dict

myjwt Exception

Exception package

exception myjwt.Exception.InvalidJWT(message)[source]

Invalid JWT

exception myjwt.Exception.InvalidJwtJson(message)[source]

Invalid InvalidJwtJson

exception myjwt.Exception.InvalidParam(message)[source]

Invalid Param

exception myjwt.Exception.UnknownAlg(message)[source]

Indices and tables