jwt-attack
CommunityExploit JWT auth flaws for unauthorized access.
Software Engineering#authentication#jwt#api-security#brute-force#penetration-testing#web-recon#token-forging
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill solves the problem of undetected JWT authentication vulnerabilities that allow attackers to bypass access controls and gain unauthorized access to protected APIs, user accounts, and sensitive data during web application security assessments.
Core Features & Use Cases
- Multi-Vector JWT Attack Methodology: Covers alg:none bypass, RS256→HS256 key confusion, weak HMAC secret brute-forcing, kid header injection, expired token reuse, and hardcoded JWT extraction from JavaScript bundles and source code.
- Field-Tested Techniques: All attack methods are validated against real-world targets including enterprise portals, fintech processors, and government systems with confirmed successful exploitation.
- Use Case: Use this skill after identifying Bearer authentication headers or JWT token patterns in JavaScript bundles during initial web reconnaissance to escalate access and retrieve sensitive data from protected endpoints.
Quick Start
Use the jwt-attack skill to test a captured JWT token from the target application's Authorization header for alg:none bypass vulnerabilities and weak secret brute-forcing weaknesses.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: jwt-attack Download link: https://github.com/uphiago/recon-skills/archive/main.zip#jwt-attack Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.