This repository contains a collection of tools for handling JSON Web Tokens (JWT) with a focus on security aspects. These tools are designed to assist with decoding, encoding, and analyzing JWTs. However, they can also help to understand potential security vulnerabilities associated with JWTs.
The tools are intended for educational purposes only. Misuse of these tools for malicious activities is not endorsed by the author.
- JWT Payload Modifier: This script decodes a given JWT, displays the payload, then allows the user to input a new payload and encodes it using the 'none' algorithm.
- JWT Secret Brute Forcer: This script checks each entry from a given file to see if it's a valid secret key for a provided JWT.
More tools coming soon!
Each script may require specific Python packages to be installed. Please refer to the requirements.txt file in each tool's directory for exact package requirements.
Please refer to the README file in each tool's directory for specific usage instructions.
Feel free to contribute to this repository by submitting pull requests. All contributions are appreciated!