jwt-attacks

Here are 2 public repositories matching this topic...

kedi / jwt-attacker

tool to test and exploit common JWT security issues such as weak signing keys, alg:none bypasses, and RS/HS confusion attacks.

security jwt jwt-attacks

Updated Jul 5, 2025
Python

Zeeshanafridai / jwt-attack-suite

Star

A comprehensive JWT attack CLI covering every major vulnerability class — from alg:none bypass to RS256→HS256 algorithm confusion, HMAC secret bruteforce, kid header injection (SQLi + path traversal), jku/x5u spoofing with built-in JWKS server, and full token forgery. Built for bug bounty hunters and red teamers.

jwt web-security json-web-token jwt-security penetration-testing-tools bug-bounty-tools jwt-attacks token-forgery algorithm-confusion

Updated Apr 14, 2026
Python

Improve this page

Add a description, image, and links to the jwt-attacks topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the jwt-attacks topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly