A browser-based JWT security toolkit that decodes, audits, brute-forces weak secrets, forges tampered tokens, and simulates real-world attacks — with instant Python/PyJWT fix code generation.
Updated Mar 22, 2026 - HTML
A comprehensive JWT attack CLI covering every major vulnerability class — from alg:none bypass to RS256→HS256 algorithm confusion, HMAC secret bruteforce, kid header injection (SQLi + path traversal), jku/x5u spoofing with built-in JWKS server, and full token forgery. Built for bug bounty hunters and red teamers.
Analyze, test, and harden JWTs in-browser with decoding, security checks, brute-force secret testing, tampering, and PyJWT fix code.