performing-jwt-none-algorithm-attack
Community
Test JWT none-algorithm bypasses safely.
Software Engineering
#jwt #web-security #security-testing #authentication-bypass #none-algorithm #token-manipulation
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps security testers identify and validate JWT vulnerabilities by testing tokens that use the "none" algorithm, exposing gaps in signature verification.
Core Features & Use Cases
- Detect servers that accept unsigned JWTs by changing the alg header to variants of none.
- Validate JWT handling across endpoints and assess potential privilege escalation or impersonation risks.
- Use in security assessments and penetration testing to verify proper token validation and least-privilege enforcement.
Quick Start
Run the agent against a target API endpoint to test for none-alg JWT vulnerabilities.
Dependency Matrix
Required Modules
requests
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: performing-jwt-none-algorithm-attack
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#performing-jwt-none-algorithm-attack
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.