rsa_sig2n

The repository contains:

• Experimental code to calculate RSA public keys based on two known message-signature pairs (based on https://crypto.stackexchange.com/questions/30289/is-it-possible-to-recover-an-rsa-modulus-from-its-signatures/30301#30301)
• Code to extract and generate RSA and HMAC signatures for JWTs
• Proof-of-Concept code to exploit the CVE-2017-11424 key confusion vulnerability in pyJWT, without knowing the public key of the target

Additional reading: Abusing JWT Public Keys Without the Public Key

You probably want to use the Docker image provided in the standalone directory.