A comprehensive JWT attack CLI covering every major vulnerability class — from alg:none bypass to RS256→HS256 algorithm confusion, HMAC secret bruteforce, kid header injection (SQLi + path traversal), jku/x5u spoofing with built-in JWKS server, and full token forgery. Built for bug bounty hunters and red teamers.
jwt web-security json-web-token jwt-security penetration-testing-tools bug-bounty-tools jwt-attacks token-forgery algorithm-confusion
-
Updated
Apr 14, 2026 - Python