jwt-hack 2.5.0

Hack the JWT (JSON Web Token) - A tool for JWT security testing and token manipulation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

{% extends "base.html" %}

{% block title %}{{ site.title }} - A JWT Security Testing Toolkit{% endblock %}

{% block body %}
<main style="padding-top: var(--header-h);">
  <!-- Hero Section -->
  <section class="landing-hero">
    <div class="hero-badge">{{ page.extra.hero_badge }}</div>
    <h1>{{ page.extra.hero_title }}</h1>
    <p class="hero-desc">{{ page.extra.hero_description }}</p>
    <div class="hero-buttons">
      <a href="/get_started/installation/" class="btn btn-primary">Get Started</a>
      <a href="https://github.com/hahwul/jwt-hack" class="btn btn-secondary" target="_blank" rel="noopener">View on GitHub</a>
    </div>

    <div class="terminal-mockup">
      <div class="terminal-header">
        <span class="terminal-dot red"></span>
        <span class="terminal-dot yellow"></span>
        <span class="terminal-dot green"></span>
      </div>
      <div class="terminal-body">
        <div><span class="prompt">$</span> <span class="cmd">jwt-hack decode eyJhbGciOiJIUzI1...</span></div>
        <div><span class="comment"># Decode and analyze JWT tokens</span></div>
        <br>
        <div><span class="prompt">$</span> <span class="cmd">jwt-hack crack -w wordlist.txt &lt;TOKEN&gt;</span></div>
        <div><span class="comment"># Crack JWT secrets with dictionary attacks</span></div>
        <br>
        <div><span class="prompt">$</span> <span class="cmd">jwt-hack scan &lt;TOKEN&gt;</span></div>
        <div><span class="comment"># Scan for JWT vulnerabilities</span></div>
      </div>
    </div>
  </section>

  <!-- Features Section -->
  <section class="landing-features">
    <div class="section-header">
      <h2>{{ page.extra.features_title }}</h2>
      <p>{{ page.extra.features_description }}</p>
    </div>
    <div class="features-grid">
      <div class="feature-card">
        <div class="feature-icon">
          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="16 18 22 12 16 6"/><polyline points="8 6 2 12 8 18"/></svg>
        </div>
        <h3>JWT/JWE Encoding & Decoding</h3>
        <p>Encode and decode JWT and JWE tokens with support for multiple algorithms, custom headers, and DEFLATE compression.</p>
      </div>
      <div class="feature-card">
        <div class="feature-icon">
          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg>
        </div>
        <h3>Signature Verification</h3>
        <p>Verify JWT signatures using secrets or keys for symmetric and asymmetric algorithms with expiration validation.</p>
      </div>
      <div class="feature-card">
        <div class="feature-icon">
          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 2l-2 2m-7.61 7.61a5.5 5.5 0 1 1-7.778 7.778 5.5 5.5 0 0 1 7.777-7.777zm0 0L15.5 7.5m0 0l3 3L22 7l-3-3m-3.5 3.5L19 4"/></svg>
        </div>
        <h3>Advanced Cracking</h3>
        <p>Crack JWT secrets using dictionary attacks or brute force methods with support for compressed tokens.</p>
      </div>
      <div class="feature-card">
        <div class="feature-icon">
          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><circle cx="12" cy="12" r="6"/><circle cx="12" cy="12" r="2"/></svg>
        </div>
        <h3>Attack Payload Generation</h3>
        <p>Generate various JWT attack payloads including none algorithm, algorithm confusion, and header manipulation attacks.</p>
      </div>
      <div class="feature-card">
        <div class="feature-icon">
          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polygon points="13 2 3 14 12 14 11 22 21 10 12 10 13 2"/></svg>
        </div>
        <h3>High Performance</h3>
        <p>Built with Rust for maximum speed and efficiency, leveraging parallel processing for intensive operations.</p>
      </div>
      <div class="feature-card">
        <div class="feature-icon">
          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="11" width="18" height="10" rx="2"/><circle cx="12" cy="5" r="2"/><path d="M12 7v4"/><line x1="8" y1="16" x2="8" y2="16"/><line x1="16" y1="16" x2="16" y2="16"/></svg>
        </div>
        <h3>MCP Server Support</h3>
        <p>Integrates with AI models via Model Context Protocol for intelligent JWT analysis and testing.</p>
      </div>
    </div>
  </section>

  <!-- CTA Section -->
  <section class="landing-cta">
    <h2>{{ page.extra.cta_title }}</h2>
    <p>{{ page.extra.cta_description }}</p>
    <a href="{{ page.extra.cta_button_url }}" class="btn btn-secondary" target="_blank" rel="noopener">{{ page.extra.cta_button_text }}</a>
  </section>
</main>
{% endblock %}