jwt-hack

JWT security testing automation

Description

jwt-hack is a tool for hacking/security testing of JWT tokens. It includes encoding, decoding, and cracking capabilities for testing JWT implementations.

Installation

BASH

go install github.com/hahwul/jwt-hack@latest

Basic Usage

                        BASH
                        
                            # Decode JWT
jwt-hack decode <JWT>

# Encode with payload
jwt-hack encode -p '{"sub":"admin"}' -s secret

Advanced Usage

                        BASH
                        
                            # Crack secret
jwt-hack crack <JWT> -w wordlist.txt

# None algorithm attack
jwt-hack payload <JWT> -p '{"role":"admin"}' --alg none

Back to JWT / JSON Security