JWTweak : Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm

JWTweak is a tool to detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm. With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementation. This tool is designed to automate the process of modifying the JWT algorithm of input JWT Token and then generate the new JWT based on the new algorithm.

Requirements

  • Python 3 (tested and working fine in python-3.7.7/Kali and python-3.8.2/Windows 10)
  • pip3 install pycryptodomex

Features

  • Detects the algorithm of the input JWT Token
  • Base64 decode the input JWT Token
  • Generate new JWT by changing the algorithm of the input JWT to ‘none’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS256’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS384’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS512’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS256’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS384’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS512’

Download Link

JWTweak.py

POC

R K

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

15 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

17 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

19 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

19 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

19 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

2 days ago