offensive-jwt

Community

Expose JWT weaknesses to test token security.

Author: erkanrzgc
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

JWT-based authentication often suffers from misconfigurations and weak implementation details that allow token forgery, bypass, or leakage. This skill provides a comprehensive methodology to identify and exploit these weaknesses in order to assess the security of token-based access controls.

Core Features & Use Cases

  • Identify algorithm-related weaknesses (alg:none, confusion between RS256/HS256) and misconfigurations in token validation.
  • Test header-related vulnerabilities (kid, jku, jwk, x5u) and JWKS caching risks in web/mobile apps.
  • Assess token handling in mobile and web clients, including storage, transmission, and validation gaps, to inform remediation.

Quick Start

Decode a sample JWT and attempt algorithm confusion, weak secret testing, and JWKS retrieval in a safe, authorized environment.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: offensive-jwt
Download link: https://github.com/erkanrzgc/cyberm4fia-scanner/archive/main.zip#offensive-jwt

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.