testing-jwt-token-security
Community
Audit JWT security end-to-end in authorized tests.
Software Engineering #jwt #web-security #penetration-testing #security-testing #token-security #jwks #jwt-tool
Author: Acczdy
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This skill provides a structured methodology and tooling guidance to identify weaknesses in JSON Web Token implementations during authorized security engagements, reducing blind spots in authentication and authorization controls.
Core Features & Use Cases
- Algorithm testing workflows: Evaluate resilience against the "none" algorithm and algorithm confusion attacks.
- Key discovery and token analysis: Discover JWKS endpoints, validate token signatures, and analyze claims for misconfigurations.
- Brute-force and tamper testing: Conduct HMAC secret brute-forcing and claim tampering in controlled environments to verify protection mechanisms.
- Use case: Assess a web API using JWTs to ensure proper signing, key management, and revocation practices.
Quick Start
Run the JWT security agent against a target service to begin automated JWT testing.
Dependency Matrix
Required Modules
pyjwt, requests, urllib3
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: testing-jwt-token-security Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#testing-jwt-token-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.