JWTweak: Detects the algorithm of input JWT Token
JWTweak
With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementation. This tool is designed to automate the process of modifying the JWT algorithm of input JWT Token and then generate the new JWT based on the new algorithm.
Features
- Detects the algorithm of the input JWT Token
- Base64 decode the input JWT Token
- Generate new JWT by changing the algorithm of the input JWT to ‘none’
- Generate new JWT by changing the algorithm of the input JWT to ‘HS256’
- Generate new JWT by changing the algorithm of the input JWT to ‘HS384’
- Generate new JWT by changing the algorithm of the input JWT to ‘HS512’
- Generate new JWT by changing the algorithm of the input JWT to ‘RS256’
- Generate new JWT by changing the algorithm of the input JWT to ‘RS384’
- Generate new JWT by changing the algorithm of the input JWT to ‘RS512’
Install
Requirements
- Python 3 (tested and working fine in python-3.7.7/Kali and python-3.8.2/Windows 10)
- pip3 install pycryptodomex
Download
git clone https://github.com/rishuranjanofficial/JWTweak.git
Use
Author: Rishu Ranjan