jwt-attacks
Official
Exploit JWT vulnerabilities
Software Engineering | #authorization, #authentication, #vulnerability, #jwt, #penetration testing, #token forgery
Author: blacklanternsecurity
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit vulnerabilities in JSON Web Tokens (JWTs) used for authentication and authorization, enabling privilege escalation or unauthorized access.
Core Features & Use Cases
- JWT Vulnerability Exploitation: Detects and exploits common JWT flaws like algorithm confusion, weak secrets, and header injection.
- Token Forgery & Tampering: Allows for the creation of malicious JWTs to impersonate users or gain elevated privileges.
- Use Case: A penetration tester suspects an application's JWT implementation is flawed. They use this Skill to test for alg:none vulnerabilities, attempt to crack a weak secret, or exploit kid injection to forge an administrator token.
Quick Start
Use the jwt-attacks skill to decode the provided JWT token and identify potential vulnerabilities.
Dependency Matrix
Required Modules
jwt_tool, hashcat, openssl
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: jwt-attacks Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#jwt-attacks Please download this .zip file, extract it, and install it in the .claude/skills/ directory.