JWTweak : Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm

JWTweak is a tool to detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm. With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementation. This tool is designed to automate the process of modifying the JWT algorithm of input JWT Token and then generate the new JWT based on the new algorithm.

Requirements

  • Python 3 (tested and working fine in python-3.7.7/Kali and python-3.8.2/Windows 10)
  • pip3 install pycryptodomex

Features

  • Detects the algorithm of the input JWT Token
  • Base64 decode the input JWT Token
  • Generate new JWT by changing the algorithm of the input JWT to ‘none’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS256’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS384’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS512’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS256’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS384’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS512’

Download Link

JWTweak.py

POC

R K

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

2 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

2 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

3 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

4 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

4 days ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

4 days ago