[Name] - myjwt

[Version] - 1.1.2

[Homepage] - https://myjwt.readthedocs.io/en/latest/?badge=latest

[Download] - Pypi: https://pypi.org/project/myjwt/, Git: https://github.com/mBouamama/MyJWT/releases

[Author] - mBouamama, https://github.com/mBouamama

[Licence] - MIT

[Description] - This cli is for pentesters, CTF players, or dev. You can decode jwt, modify your jwt, sign with a new key, rsa/hmac confusion,brute force with dictionnary, crack signature, verify signature, inject sql ,jku bypass, x5u bypass, etc....With this tool you can exploit many miss-configurations of jwt.

[Dependencies] - Python3.6, click==7.1.2,requests==2.25.0,cryptography==3.2.1,pyOpenSSL==20.0.0, all dependencies are in requirements.txt, (pyup bot enable for update)

[Similar tools] - jwt_tool, jwtcat

[Activity] - When did the project start? 01/11/2020, last commit today.

[How to install] - How do you compile it? python -m pip install myjwt==1.1.2
Installation guide here: https://myjwt.readthedocs.io/en/latest/installation.html

[How to use] - myjwt --help for all usages with all options,
ex: myjwt eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjpudWxsfQ.Tr0VvdP6rVBGBGuI_luxGCOaz6BbhC6IxRTlKOW8UjM --bruteforce ./wordlist/common_pass.txt
output: JWT cracked, key is: pentesterlab

ex: myjwt eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjpudWxsfQ.Tr0VvdP6rVBGBGuI_luxGCOaz6BbhC6IxRTlKOW8UjM -p "user=admin" --sign pentesterlab --print
new JWT: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4ifQ.d9nOzQ6Dc-N077EOEhFVJdvA7ufgp8qb-fLLUkIyqZc
Header: {"typ": "JWT", "alg": "HS256"}
Payload: {"user": "admin"}
Signature: "d9nOzQ6Dc-N077EOEhFVJdvA7ufgp8qb-fLLUkIyqZc"

[Packaged] - Is the tool already packaged for Debian?No