jwt-attack

Community

Exploit JWT auth flaws for unauthorized access.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the problem of undetected JWT authentication vulnerabilities that allow attackers to bypass access controls and gain unauthorized access to protected APIs, user accounts, and sensitive data during web application security assessments.

Core Features & Use Cases

  • Multi-Vector JWT Attack Methodology: Covers alg:none bypass, RS256→HS256 key confusion, weak HMAC secret brute-forcing, kid header injection, expired token reuse, and hardcoded JWT extraction from JavaScript bundles and source code.
  • Field-Tested Techniques: All attack methods are validated against real-world targets including enterprise portals, fintech processors, and government systems with confirmed successful exploitation.
  • Use Case: Use this skill after identifying Bearer authentication headers or JWT token patterns in JavaScript bundles during initial web reconnaissance to escalate access and retrieve sensitive data from protected endpoints.

Quick Start

Use the jwt-attack skill to test a captured JWT token from the target application's Authorization header for alg:none bypass vulnerabilities and weak secret brute-forcing weaknesses.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: jwt-attack
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#jwt-attack

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.