[Tool Request] - jwtxploiter

Hi, I'm here to bring my new tool to your attention. It's a command-line interface to test the security of JWTs. It covers all known CVEs affecting JSON Web Tokens. It supports all algorithms defined by the JWA standard. It also provides functionality to verify a token, with a single key or by parsing a JWKS file to find the JWK used to verify (if there). You can also access subclaims without other user interaction or having to pass JSON strings.
The release I'm linking to also provides a deb package, which should be OK, but let me know if changes are needed.

Thank you for your suggestion. For now we can't add any tools. We are doing the package maintenance for all tools and stopping use of the Kali repo, so it is a very huge amount of work. We'll go back to all tools later.


Thanks for your reply. It sounds cool, keep up your great job, guys. We'll be in touch later.
