JWTXploiter : A Tool To Test Security Of Json Web Token

JWTXploiter is a tool to test security of JSON Web Tokens. Test a JWT against all known CVEs;

  • Tamper with the token payload: changes claims and subclaims values.
  • Exploit known vulnerable header claims (kid, jku, x5u)
  • Verify a token
  • Retrieve the public key of your target’s ssl connection and try to use it in a key confusion attack with one option only
  • All JWAs supported
  • Generates a JWK and insert it in the token header
  • And much, much more!

Wiki

  • Read the wiki! wiki

Installation

N.B. Cloning the repository should be avoided except for development purposes! N.B. Deb package has to be considered beta

  • With rpm:

wget http://andreatedeschi.uno/jwtxploiter/jwtxploiter-1.2.1-1.noarch.rpm
sudo rpm –install jwtxploiter-1.2.1-1.noarch.rpm

or, if previous version is installed on your machine

sudo rpm –upgrade jwtxploiter-1.2.1-1.noarch.rpm

With pip

sudo pip install jwtxploiter

With deb:

wget http://andreatedeschi.uno/jwtxploiter/jwtxploiter_1.2.1-1_all.deb
sudo dpkg -i jwtxploiter_1.2.1-1_all.deb

Cloing the repo:

git clone https://github.com/DontPanicO/jwtXploiter.git
./install.sh

N.B. python3-pip package is required to install dependencies, be sure to have it installed.

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

3 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

3 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

3 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

3 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

3 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

3 weeks ago