jwt_tool
JWT testing and exploitation toolkit
Advanced Topics | 6 commands
#jwt #auth #tokens #exploitation
Installation
1. Clone repository
2. Install dependencies
3. Run jwt_tool

# Clone
git clone https://github.com/ticarpi/jwt_tool.git
cd jwt_tool
# Install dependencies
pip3 install -r requirements.txt
# Run
python3 jwt_tool.py -h

Basic Usage
Test and manipulate JSON Web Tokens

# Decode JWT
python3 jwt_tool.py <JWT>
# Test all attacks
python3 jwt_tool.py -M at -t "https://example.com" <JWT>
# Tamper mode
python3 jwt_tool.py -T <JWT>
# Sign with key
python3 jwt_tool.py -S hs256 -p "secret" <JWT>

Command Reference
6 commands
1. All tests mode: -M at
2. Tamper mode: -T
3. Sign with algorithm: -S
4. Secret/key: -p
5. Inject claims: -I
6. Payload claim: -pc

When to Use
1. JWT security testing
2. Algorithm confusion attacks
3. Token manipulation
4. Key guessing

Notes & Tips
1. Check for none algorithm
2. Test algorithm confusion
3. Try common weak secrets

Common Errors & Solutions
Invalid token format
Ensure the token has the proper JWT format: three base64url parts separated by dots (header.payload.signature)
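The tips above (none algorithm, algorithm confusion, weak secrets) and the three-part format check are the things a verifier on the receiving side has to get right. The following is an added example written for this page, not code from jwt_tool or its author: a standard-library-only Python verifier that pins the accepted algorithm server-side instead of trusting the token's "alg" header, rejects "none" and any unsupported algorithm, enforces the header.payload.signature structure, and flags HS256 secrets shorter than the 256-bit minimum RFC 7518 requires. The token builders and the secret value are constructed test inputs; ALLOWED_ALGS, verify_token and the other names are this example's own.

```python
import base64
import hashlib
import hmac
import json

# The server decides which algorithms it accepts; the token's "alg" field is untrusted input.
ALLOWED_ALGS = {"HS256"}
# RFC 7518 section 3.2: HS256 keys must be at least 256 bits (32 bytes).
MIN_HS256_SECRET_BYTES = 32


def b64url_decode(data: str) -> bytes:
    """Decode base64url without padding (JWT segments omit the '=' padding)."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    """Encode bytes as unpadded base64url, the JWT segment encoding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def make_hs256_token(payload: dict, secret: bytes) -> str:
    """Build a properly signed HS256 token (constructed test input)."""
    header = _segment({"alg": "HS256", "typ": "JWT"})
    body = _segment(payload)
    sig = hmac.new(secret, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def make_unsigned_token(payload: dict) -> str:
    """Build an alg=none token with an empty signature (negative test input only)."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(payload)}."


def secret_is_acceptable(secret: bytes) -> bool:
    """Weak-secret check: HS256 keys below 32 bytes are rejected outright."""
    return len(secret) >= MIN_HS256_SECRET_BYTES


def verify_token(token: str, secret: bytes) -> dict:
    """Verify an HS256 token and return its claims, raising ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("invalid token format: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts

    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:  # covers binascii.Error and JSONDecodeError
        raise ValueError("invalid token format: header is not base64url JSON")
    if not isinstance(header, dict):
        raise ValueError("invalid token format: header is not a JSON object")

    # Pinned-algorithm check: "none", "None", RS256 confusion attempts, etc. all stop here.
    alg = header.get("alg")
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm {alg!r} not allowed")

    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    try:
        provided = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("invalid token format: signature is not base64url")
    # Constant-time comparison so signature checking does not leak timing information.
    if not hmac.compare_digest(expected, provided):
        raise ValueError("signature mismatch")

    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        raise ValueError("invalid token format: payload is not base64url JSON")
    if not isinstance(claims, dict):
        raise ValueError("invalid token format: payload is not a JSON object")
    return claims


def is_valid(token: str, secret: bytes) -> bool:
    """Boolean wrapper around verify_token for callers that only need accept/reject."""
    try:
        verify_token(token, secret)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    secret = b"constructed-test-secret-of-32-bytes!"  # constructed, 36 bytes
    good = make_hs256_token({"sub": "alice", "role": "user"}, secret)
    print("signed token accepted:", is_valid(good, secret))
    print("alg=none token accepted:", is_valid(make_unsigned_token({"sub": "alice", "role": "admin"}), secret))
    print("two-part token accepted:", is_valid("a.b", secret))
    print("6-byte secret acceptable:", secret_is_acceptable(b"secret"))
```

The order of checks matters: the algorithm is pinned before any signature work, so an "alg": "none" token never reaches a code path where an empty signature could be treated as valid, and the payload is only parsed after the signature has been verified.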