testing-for-json-web-token-vulnerabilities
CommunityIdentify JWT weaknesses and prevent token abuse.
Software Engineering#vulnerability#jwt#token#pentest#algorithm-confusion#kid-injection#none-algorithm
AuthorAcczdy
Version1.0.0
Installs0
System Documentation
What problem does it solve?
JWT-based authentication in web apps is often vulnerable due to weak signing configurations, misconfigured headers, and missing claims.
Core Features & Use Cases
- Automated detection of common JWT weaknesses such as alg:none bypass, algorithm confusion, and header injections (kid, jku, x5u).
- Comprehensive analysis of token structure, claims (iss, sub, aud, exp), and expiration handling to identify missing or weak controls.
- Automated reporting with remediation guidance and practical testing workflows for API security, OAuth2/OpenID Connect deployments, and SSO scenarios.
Quick Start
Run the agent with a JWT token and an optional base URL to initiate automated vulnerability testing.
Dependency Matrix
Required Modules
requests
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: testing-for-json-web-token-vulnerabilities Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#testing-for-json-web-token-vulnerabilities Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.