rmyjwt API Essentials

This section exposes the API for all the myjwt functionality that will be necessary for most users.

myjwt vulnerabilities

All methods needed to try vulnerabilities on jwt

myjwt.vulnerabilities.bruteforce_wordlist(jwt: str, filename: str) → str[source]

Crack your jwt with wordlist.

Parameters

jwt (str) – your jwt string.
filename (str) – path file of your wordlist txt file.

Returns

your new jwt or “” if the valid key is not found.

Return type

str

Raises

InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.confusion_rsa_hmac(jwt: str, filename: str) → str[source]

Check rsa/hmac confusion.

Parameters

jwt (str) – your jwt string.
filename (str) – path file of your public key.

Returns

your new jwt.

Return type

str

Raises

InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.inject_sql_kid(jwt: str, injection: str) → str[source]

Inject sql to your jwt.

Parameters

jwt (str) – your jwt.
injection (str) – your kid injection.

Returns

your new jwt.

Return type

str

Raises

InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.jku_vulnerability(jwt=None, url=None, file=None, pem=None)[source]

Check jku Vulnerability.

Parameters

jwt (str) – your jwt.
url (str) – your url.
file (str) – your output json file name
pem (str) – pem file name

Returns

your new jwt.

Return type

str

myjwt.vulnerabilities.none_vulnerability(jwt: str) → str[source]

Check none Vulnerability.

Parameters: jwt (str) – your jwt string.
Returns: your new jwt.
Return type: str
Raises: InvalidJWT – if your jwt is not valid.

myjwt.vulnerabilities.print_decoded(jwt: str)[source]

Print your jwt.

Parameters: jwt (str) – your jwt.
Returns: Print your jwt.
Return type: None

myjwt.vulnerabilities.send_jwt_to_url(url: str, method: str, data: Dict, cookies: Dict, jwt: str) → requests.models.Response[source]

Parameters

url (str) – your url.
method (str) – method (GET, POST, etc…..).
data (Dict) – json to send.
cookies (Dict) – cookies to send.
jwt (str) – your jwt.

Returns

Response

Return type

requests.Response

myjwt.vulnerabilities.x5u_vulnerability(jwt=None, url=None, crt=None, pem=None, file=None)[source]

Check jku Vulnerability.

Parameters

jwt (str) – your jwt.
url (str) – your url.
crt (str) – crt path file
pem (str) – pem file name
file (str) – jwks file name

Returns

your new jwt.

Return type

str

myjwt modify jwt

Package for modify your jwt(header, payload, signature)

myjwt.modify_jwt.add_header(jwt_json: Dict, header: Dict) → Dict[source]

Add new key:value to jwt’s header.

Parameters

jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).
header (Dict) – add value to your header.

Returns

a new jwt in json format.

Return type

Dict

Raises

InvalidJwtJson – if your jwt_json is not a Dict.
InvalidParam – if your header is not a Dict.

myjwt.modify_jwt.add_payload(jwt_json: Dict, payload) → Dict[source]

Add new key:value to jwt’s payload.

Parameters

jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).
payload (Dict) – add value to your payload.

Returns

a new jwt in json format.

Return type

Dict

Raises

InvalidJwtJson – if your jwt_json is not a Dict.
InvalidParam – if your payload is not a Dict.

myjwt.modify_jwt.change_alg(jwt_json: Dict, algo: str) → Dict[source]

Change alg of your jwt.

Parameters

jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).
algo (str) – new algo.

Returns

a new jwt in json format.

Return type

Dict

Raises

InvalidJwtJson – if your jwt_json is not a Dict.

myjwt.modify_jwt.change_payload(jwt_json: Dict, payload: Dict) → Dict[source]

Change the current payload to your jwt_json for the new payload given.

Parameters

jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).
payload (Dict) – new payload

Returns

a new jwt in json format.

Return type

Dict

Raises

InvalidJwtJson – if your jwt_json is not a Dict.

myjwt.modify_jwt.signature(jwt_json: Dict, key: str) → str[source]

Sign your jwt.

Parameters

jwt_json (Dict) – your jwt json (use encode_to_json.Check Doc).
key (str) – key for dign your new jwt.

Returns

new jwt.

Return type

str

Raises

InvalidJwtJson – if your jwt_json is not a Dict.
UnknownAlg – if your alg is not a valid alg. Accepted: none, HS{256,384,512}.

myjwt utils

Utils package

myjwt.utils.copy_to_clipboard(jwt: str) → None[source]

Copy txt to clipboard.

Parameters: jwt (str) – your jwt.

myjwt.utils.create_crt()[source]

Create crt + pem

Returns: crt + pem
Return type: str, str

myjwt.utils.encode_jwt(jwt_json: Dict) → str[source]

Transform your jwt dict to a jwt string without “.” + signature.

Parameters: jwt_json (Dict) – dict with key header and payload.
Returns: jwt string encoded
Return type: str

myjwt.utils.encoded_to_json(encoded_string: str) → Dict[source]

Transform your encoded string to dict.

Parameters: encoded_string (str) – your string base64 encoded.
Returns: your string cast to a dict.
Return type: Dict

myjwt.utils.is_valid_jwt(jwt: str) → bool[source]

Check your jwt.

Parameters: jwt (str) – jwt string.
Returns: True if jwt is valid , False else
Return type: bool

myjwt.utils.is_valid_jwt_json(jwt_json: Dict) → bool[source]

Check your jwt dict.

Parameters: jwt_json (Dict) – your jwt dict.
Returns: True if jwt_json is valid , False else
Return type: bool

myjwt.utils.jwt_to_json(jwt: str) → Dict[source]

Transform your jwt’s string to a dict.

Parameters: jwt (str) – your jwt.
Returns: a dict with key: header with value base64_decode(header), payload with value base64_decode(payload), and signature with value signature.
Return type: Dict

myjwt Exception

Exception package

exception myjwt.Exception.InvalidJWT(message)[source]: Invalid JWT

exception myjwt.Exception.InvalidJwtJson(message)[source]: Invalid InvalidJwtJson

exception myjwt.Exception.InvalidParam(message)[source]: Invalid Param

exception myjwt.Exception.UnknownAlg(message)[source]

rmyjwt API Essentials

myjwt vulnerabilities

myjwt modify jwt

myjwt utils

myjwt Exception

Indices and tables