# The JSON Web Token Toolkit v2
>*jwt_tool.py* is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens).
 
Its functionality includes:
* Checking the validity of a token
* Testing for known exploits:
* (CVE-2015-2951) The ***alg=none*** signature-bypass vulnerability
* (CVE-2016-10555) The ***RS/HS256*** public key mismatch vulnerability
* (CVE-2018-0114) ***Key injection*** vulnerability
* (CVE-2019-20933/CVE-2020-28637) ***Blank password*** vulnerability
* (CVE-2020-28042) ***Null signature*** vulnerability
* Scanning for misconfigurations or known weaknesses
* Fuzzing claim values to provoke unexpected behaviours
* Testing the validity of a secret/key file/Public Key/JWKS key
* Identifying ***weak keys*** via a High-speed ***Dictionary Attack***
* Forging new token header and payload contents and creating a new signature with the **key** or via another attack method
* Timestamp tampering
* RSA and ECDSA key generation, and reconstruction (from JWKS files)
* ...and lots more!
---
## Audience
This tool is written for **pentesters**, who need to check the strength of the tokens in use, and their susceptibility to known attacks. A range of tampering, signing and verifying options are available to help delve deeper into the potential weaknesses present in some JWT libraries.
It has also been successful for **CTF challengers** - as CTFs seem keen on JWTs at present.
It may also be useful for **developers** who are using JWTs in projects, but would like to test for stability and for known vulnerabilities when using forged tokens.
---
## Requirements
This tool is written natively in **Python 3** (version 3.6+) using the common libraries, however various cryptographic funtions (and general prettiness/readability) do require the installation of a few common Python libraries.
*(An older Python 2.x version of this tool is available on the legacy branch for those who need it, although this is no longer be supported or updated)*
---
## Installation
### Docker
The preferred usage for jwt_tool is with the [official Dockerhub-hosted jwt_tool docker image](https://hub.docker.com/r/ticarpi/jwt_tool)
The base command for running this is as follows:
Base command for running jwt_tool:
`docker run -it --network "host" --rm -v "${PWD}:/tmp" -v "${HOME}/.jwt_tool:/root/.jwt_tool" ticarpi/jwt_tool`
By using the above command you can tag on any other arguments as normal.
Note that local files in your current working directory will be mapped into the docker container's /tmp directory, so you can use them using that absolute path in your arguments.
i.e.
*/tmp/localfile.txt*
### Manual Install
Installation is just a case of downloading the `jwt_tool.py` file (or `git clone` the repo).
(`chmod` the file too if you want to add it to your *$PATH* and call it from anywhere.)
`$ git clone https://github.com/ticarpi/jwt_tool`
`$ python3 -m pip install -r requirements.txt`
On first run the tool will generate a config file, some utility files, logfile, and a set of Public and Private keys in various formats.
### Custom Configs
* To make best use of the scanning options it is **strongly advised** to copy the custom-generated JWKS file somewhere that can be accessed remotely via a URL. This address should then be stored in `jwtconf.ini` as the "jwkloc" value.
* In order to capture external service interactions - such as DNS lookups and HTTP requests - put your unique address for Burp Collaborator (or other alternative tools such as RequestBin) into the config file as the "httplistener" value.
***Review the other options in the config file to customise your experience.***
### Colour bug in Windows
To fix broken colours in Windows cmd/Powershell: uncomment the below two lines in `jwt_tool.py` (remove the "# " from the beginning of each line)
You will also need to install colorama: `python3 -m pip install colorama`
```
# import colorama
# colorama.init()
```
---
## Usage
The first argument should be the JWT itself (*unless providing this in a header or cookie value*). Providing no additional arguments will show you the decoded token values for review.
`$ python3 jwt_tool.py <JWT>`
or the Docker base command:
`$ docker run -it --network "host" --rm -v "${PWD}:/tmp" -v "${HOME}/.jwt_tool:/root/.jwt_tool" ticarpi/jwt_tool`
The toolkit will validate the token and list the header and payload values.
### Additional arguments
The many additional arguments will take you straight to the appropriate function and return you a token ready to use in your tests.
For example, to tamper the existing token run the following:
`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw -T`
Many options need additional values to set options.
For example, to run a particular type of exploit you need to choose the eXploit (-X) option and select the vulnerability (here using "a" for the *alg:none* exploit):
`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw -X a`
### Extra parameters
Some options such as Verifying tokens require additional parameters/files to be provided (here providing the Public Key in PEM format):
`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw -V -pk public.pem`
### Sending tokens to a web application
All modes now allow for sending the token directly to an application.
You need to specify:
* target URL (-t)
* a request header (-rh) or request cookies (-rc) that are needed by the application (***at least one must contain the token***)
* (optional) any POST data (where the request is a POST)
* (optional) any additional jwt_tool options, such as modes or tampering/injection options
* (optional) a *canary value* (-cv) - a text value you expect to see in a successful use of the token (e.g. "Welcome, ticarpi")
An example request might look like this (using scanning mode for forced-errors):
`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc "jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test" -rh "Origin: null" -cv "Welcome" -M er`
Various responses from the request are displayed:
* Response code
* Response size
* Unique request tracking ID (for use with logging)
* Mode/options used
---
## Common Workflow
Here is a quick run-through of a basic assessment of a JWT implementation. If no success with these options then dig deeper into other modes and options to hunt for new vulnerabilities (or zero-days!).
### Recon:
Read the token value to get a feel for the claims/values expected in the application:
`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw`
### Scanning:
Run a ***Playbook Scan*** using the provided token directly against the application to hunt for common misconfigurations:
`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc "jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test" -M pb`
### Exploitation:
If any successful vulnerabilities are found change any relevant claims to try to exploit it (here using the *Inject JWKS* exploit and injecting a new username):
`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc "jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test" -X i -I -pc name -pv admin`
### Fuzzing:
Dig deeper by testing for unexpected values and claims to identify unexpected app behaviours, or run attacks on programming logic or token processing:
`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc "jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test" -I -hc kid -hv custom_sqli_vectors.txt`
### Review:
Review any successful exploitation by querying the logs to read more data about the request and :
`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc "jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test" -X i -I -pc name -pv admin`
---
### Help
For a list of options call the usage function:
Some options such as Verifying tokens require additional parameters/files to be provided:
`$ python3 jwt_tool.py -h`
**A more detailed user guide can be found on the [wiki page](https://github.com/ticarpi/jwt_tool/wiki/Using-jwt_tool).**
---
## JWT Attack Playbook - new wiki content!
Head over to the [JWT Attack Playbook](https://github.com/ticarpi/jwt_tool/wiki) for a detailed run-though of what JWTs are, what they do, and a full workflow of how to thoroughly test them for vulnerabilities, common weaknesses and unintended coding errors.
---
## Tips
**Regex for finding JWTs in Burp Search**
*(make sure 'Case sensitive' and 'Regex' options are ticked)*
`[= ]eyJ[A-Za-z0-9_-]*\.[A-Za-z0-9._-]*` - url-safe JWT version
`[= ]eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*` - all JWT versions (higher possibility of false positives)
---
## Further Reading
* [JWT Attack Playbook (https://github.com/ticarpi/jwt_tool/wiki)](https://github.com/ticarpi/jwt_tool/wiki) - for a thorough JWT testing methodology
* [A great intro to JWTs - https://jwt.io/introduction/](https://jwt.io/introduction/)
* A lot of the initial inspiration for this tool comes from the vulnerabilities discovered by Tim McLean.
[Check out his blog on JWT weaknesses here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/)
* A whole bunch of exercises for testing JWT vulnerabilities are provided by [Pentesterlab (https://www.pentesterlab.com)](https://www.pentesterlab.com). I'd highly recommend a PRO subscription if you are interested in Web App Pentesting.
*PLEASE NOTE:* This toolkit will solve most of the Pentesterlab JWT exercises in a few seconds when used correctly, however I'd **strongly** encourage you to work through these exercises yourself, working out the structure and the weaknesses. After all, it's all about learning...
Raw data
{
"_id": null,
"home_page": null,
"name": "jwt-tool",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "security, jwt",
"author": null,
"author_email": "ticarpi <andy.tyler@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/54/47/ef2b060fce7df4916b1fa33e1b4089c9a910a61a6d94b9a08ac267b8c485/jwt_tool-2.3.0a0.tar.gz",
"platform": null,
"description": "# The JSON Web Token Toolkit v2\n>*jwt_tool.py* is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens). \n\n \n\n\n\nIts functionality includes:\n* Checking the validity of a token\n* Testing for known exploits:\n * (CVE-2015-2951) The ***alg=none*** signature-bypass vulnerability\n * (CVE-2016-10555) The ***RS/HS256*** public key mismatch vulnerability\n * (CVE-2018-0114) ***Key injection*** vulnerability\n * (CVE-2019-20933/CVE-2020-28637) ***Blank password*** vulnerability\n * (CVE-2020-28042) ***Null signature*** vulnerability\n* Scanning for misconfigurations or known weaknesses\n* Fuzzing claim values to provoke unexpected behaviours\n* Testing the validity of a secret/key file/Public Key/JWKS key\n* Identifying ***weak keys*** via a High-speed ***Dictionary Attack***\n* Forging new token header and payload contents and creating a new signature with the **key** or via another attack method\n* Timestamp tampering\n* RSA and ECDSA key generation, and reconstruction (from JWKS files)\n* ...and lots more!\n\n---\n\n## Audience\nThis tool is written for **pentesters**, who need to check the strength of the tokens in use, and their susceptibility to known attacks. A range of tampering, signing and verifying options are available to help delve deeper into the potential weaknesses present in some JWT libraries. \nIt has also been successful for **CTF challengers** - as CTFs seem keen on JWTs at present. \nIt may also be useful for **developers** who are using JWTs in projects, but would like to test for stability and for known vulnerabilities when using forged tokens.\n\n---\n\n## Requirements\nThis tool is written natively in **Python 3** (version 3.6+) using the common libraries, however various cryptographic funtions (and general prettiness/readability) do require the installation of a few common Python libraries. \n*(An older Python 2.x version of this tool is available on the legacy branch for those who need it, although this is no longer be supported or updated)*\n\n---\n\n## Installation\n\n### Docker\nThe preferred usage for jwt_tool is with the [official Dockerhub-hosted jwt_tool docker image](https://hub.docker.com/r/ticarpi/jwt_tool) \nThe base command for running this is as follows: \nBase command for running jwt_tool: \n`docker run -it --network \"host\" --rm -v \"${PWD}:/tmp\" -v \"${HOME}/.jwt_tool:/root/.jwt_tool\" ticarpi/jwt_tool` \n\nBy using the above command you can tag on any other arguments as normal. \nNote that local files in your current working directory will be mapped into the docker container's /tmp directory, so you can use them using that absolute path in your arguments. \ni.e. \n*/tmp/localfile.txt*\n\n### Manual Install\nInstallation is just a case of downloading the `jwt_tool.py` file (or `git clone` the repo). \n(`chmod` the file too if you want to add it to your *$PATH* and call it from anywhere.)\n\n`$ git clone https://github.com/ticarpi/jwt_tool` \n`$ python3 -m pip install -r requirements.txt` \n\nOn first run the tool will generate a config file, some utility files, logfile, and a set of Public and Private keys in various formats. \n\n### Custom Configs\n* To make best use of the scanning options it is **strongly advised** to copy the custom-generated JWKS file somewhere that can be accessed remotely via a URL. This address should then be stored in `jwtconf.ini` as the \"jwkloc\" value. \n* In order to capture external service interactions - such as DNS lookups and HTTP requests - put your unique address for Burp Collaborator (or other alternative tools such as RequestBin) into the config file as the \"httplistener\" value. \n***Review the other options in the config file to customise your experience.***\n\n### Colour bug in Windows\nTo fix broken colours in Windows cmd/Powershell: uncomment the below two lines in `jwt_tool.py` (remove the \"# \" from the beginning of each line) \nYou will also need to install colorama: `python3 -m pip install colorama`\n```\n# import colorama\n# colorama.init()\n```\n---\n\n## Usage\nThe first argument should be the JWT itself (*unless providing this in a header or cookie value*). Providing no additional arguments will show you the decoded token values for review. \n`$ python3 jwt_tool.py <JWT>` \nor the Docker base command: \n`$ docker run -it --network \"host\" --rm -v \"${PWD}:/tmp\" -v \"${HOME}/.jwt_tool:/root/.jwt_tool\" ticarpi/jwt_tool` \n\nThe toolkit will validate the token and list the header and payload values. \n\n### Additional arguments\nThe many additional arguments will take you straight to the appropriate function and return you a token ready to use in your tests. \nFor example, to tamper the existing token run the following: \n`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw -T` \n\nMany options need additional values to set options. \nFor example, to run a particular type of exploit you need to choose the eXploit (-X) option and select the vulnerability (here using \"a\" for the *alg:none* exploit): \n`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw -X a`\n\n### Extra parameters\nSome options such as Verifying tokens require additional parameters/files to be provided (here providing the Public Key in PEM format): \n`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw -V -pk public.pem` \n\n### Sending tokens to a web application\nAll modes now allow for sending the token directly to an application. \nYou need to specify: \n* target URL (-t)\n* a request header (-rh) or request cookies (-rc) that are needed by the application (***at least one must contain the token***)\n* (optional) any POST data (where the request is a POST)\n* (optional) any additional jwt_tool options, such as modes or tampering/injection options \n* (optional) a *canary value* (-cv) - a text value you expect to see in a successful use of the token (e.g. \"Welcome, ticarpi\") \nAn example request might look like this (using scanning mode for forced-errors): \n`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc \"jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test\" -rh \"Origin: null\" -cv \"Welcome\" -M er` \n\nVarious responses from the request are displayed: \n* Response code\n* Response size\n* Unique request tracking ID (for use with logging)\n* Mode/options used\n\n---\n\n## Common Workflow\n\nHere is a quick run-through of a basic assessment of a JWT implementation. If no success with these options then dig deeper into other modes and options to hunt for new vulnerabilities (or zero-days!). \n\n### Recon: \nRead the token value to get a feel for the claims/values expected in the application: \n`$ python3 jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw` \n\n### Scanning:\nRun a ***Playbook Scan*** using the provided token directly against the application to hunt for common misconfigurations: \n`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc \"jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test\" -M pb` \n\n### Exploitation:\nIf any successful vulnerabilities are found change any relevant claims to try to exploit it (here using the *Inject JWKS* exploit and injecting a new username): \n`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc \"jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test\" -X i -I -pc name -pv admin` \n\n### Fuzzing:\nDig deeper by testing for unexpected values and claims to identify unexpected app behaviours, or run attacks on programming logic or token processing: \n`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc \"jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test\" -I -hc kid -hv custom_sqli_vectors.txt` \n\n### Review:\nReview any successful exploitation by querying the logs to read more data about the request and : \n`$ python3 jwt_tool.py -t https://www.ticarpi.com/ -rc \"jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po;anothercookie=test\" -X i -I -pc name -pv admin` \n\n---\n\n### Help\nFor a list of options call the usage function:\nSome options such as Verifying tokens require additional parameters/files to be provided: \n`$ python3 jwt_tool.py -h`\n\n**A more detailed user guide can be found on the [wiki page](https://github.com/ticarpi/jwt_tool/wiki/Using-jwt_tool).**\n\n---\n\n## JWT Attack Playbook - new wiki content! \n\n\nHead over to the [JWT Attack Playbook](https://github.com/ticarpi/jwt_tool/wiki) for a detailed run-though of what JWTs are, what they do, and a full workflow of how to thoroughly test them for vulnerabilities, common weaknesses and unintended coding errors.\n\n---\n\n## Tips\n**Regex for finding JWTs in Burp Search** \n*(make sure 'Case sensitive' and 'Regex' options are ticked)* \n`[= ]eyJ[A-Za-z0-9_-]*\\.[A-Za-z0-9._-]*` - url-safe JWT version \n`[= ]eyJ[A-Za-z0-9_\\/+-]*\\.[A-Za-z0-9._\\/+-]*` - all JWT versions (higher possibility of false positives)\n\n---\n\n## Further Reading\n* [JWT Attack Playbook (https://github.com/ticarpi/jwt_tool/wiki)](https://github.com/ticarpi/jwt_tool/wiki) - for a thorough JWT testing methodology\n\n* [A great intro to JWTs - https://jwt.io/introduction/](https://jwt.io/introduction/)\n\n* A lot of the initial inspiration for this tool comes from the vulnerabilities discovered by Tim McLean. \n[Check out his blog on JWT weaknesses here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/) \n\n* A whole bunch of exercises for testing JWT vulnerabilities are provided by [Pentesterlab (https://www.pentesterlab.com)](https://www.pentesterlab.com). I'd highly recommend a PRO subscription if you are interested in Web App Pentesting. \n\n *PLEASE NOTE:* This toolkit will solve most of the Pentesterlab JWT exercises in a few seconds when used correctly, however I'd **strongly** encourage you to work through these exercises yourself, working out the structure and the weaknesses. After all, it's all about learning...\n",
"bugtrack_url": null,
"license": "GPL-3.0-or-later",
"summary": "JWT Tool is a toolkit for testing, tweaking and cracking JSON Web Tokens.",
"version": "2.3.0a0",
"project_urls": {
"Repository": "https://github.com/ticarpi/jwt_tool"
},
"split_keywords": [
"security",
" jwt"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6ed3544ec2254282c3421dfca04c9d316dc3fb5d02e8287b36d5681d31c2fb7d",
"md5": "d6397ed4de1cb8cab6de5b8b8b1361f8",
"sha256": "c5b1e81dec8a26873668f488ec8a3d86a6ab326cbfe0f77d8608d577d424cc6b"
},
"downloads": -1,
"filename": "jwt_tool-2.3.0a0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d6397ed4de1cb8cab6de5b8b8b1361f8",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 38482,
"upload_time": "2024-06-09T19:37:44",
"upload_time_iso_8601": "2024-06-09T19:37:44.006561Z",
"url": "https://files.pythonhosted.org/packages/6e/d3/544ec2254282c3421dfca04c9d316dc3fb5d02e8287b36d5681d31c2fb7d/jwt_tool-2.3.0a0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "5447ef2b060fce7df4916b1fa33e1b4089c9a910a61a6d94b9a08ac267b8c485",
"md5": "905eda09b06142a2ccad43cb4d253354",
"sha256": "f6fe2ede690d370788a5b442038a8067efceca563da538919de70d81c876bc82"
},
"downloads": -1,
"filename": "jwt_tool-2.3.0a0.tar.gz",
"has_sig": false,
"md5_digest": "905eda09b06142a2ccad43cb4d253354",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 41774,
"upload_time": "2024-06-09T19:37:45",
"upload_time_iso_8601": "2024-06-09T19:37:45.420796Z",
"url": "https://files.pythonhosted.org/packages/54/47/ef2b060fce7df4916b1fa33e1b4089c9a910a61a6d94b9a08ac267b8c485/jwt_tool-2.3.0a0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-09 19:37:45",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ticarpi",
"github_project": "jwt_tool",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "termcolor",
"specs": []
},
{
"name": "cprint",
"specs": []
},
{
"name": "pycryptodomex",
"specs": []
},
{
"name": "requests",
"specs": []
}
],
"lcname": "jwt-tool"
}
JSON
