jwt_tool.py is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens).

This tool is written for pentesters, who need to check the strength of the tokens in use, and their susceptibility to known attacks.

Its functionality includes:

- RSA and ECDSA key generation, and reconstruction (from JWKS files).
- Forging new token header and payload contents and creating a new signature with the key or via another attack method.
- Identifying weak keys via a High-speed Dictionary Attack.
- Testing the validity of a secret/key file/Public Key/JWKS key.
- Fuzzing claim values to provoke unexpected behaviours.
- Scanning for misconfigurations or known weaknesses.
- (CVE-2020-28042) Null signature vulnerability.
- (CVE-2018-0114) Key injection vulnerability.
- (CVE-2016-10555) The RS/HS256 public key mismatch vulnerability.
- (CVE-2015-2951) The alg=none signature-bypass vulnerability.
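As an added example (not jwt_tool's code and not from the original page), here is a minimal Python verifier showing the server-side checks that close two of the weaknesses listed above, the alg=none bypass and the null signature: it pins the algorithm instead of trusting the token header and refuses an empty signature. It assumes a service that issues only HS256 tokens; `PINNED_ALG`, `make_token`, `verify` and `outcome` are names invented for this illustration.

```python
import base64
import hashlib
import hmac
import json

PINNED_ALG = "HS256"  # assumption: this service only ever issues HS256 tokens

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(header: dict, payload: dict, secret: bytes) -> str:
    """Build an HMAC-SHA256-signed token; used to construct sample input."""
    head, body = (b64url_encode(json.dumps(p).encode()) for p in (header, payload))
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify(token: str, secret: bytes) -> dict:
    """Return the claims, or raise ValueError naming the failed check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig_b64 = parts
    header = json.loads(b64url_decode(head))
    # The verifier, not the token, decides the algorithm: "none", "RS256" or
    # any other value that is not the pinned one is refused before key use.
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        raise ValueError("algorithm not allowed")
    if not sig_b64:
        raise ValueError("empty signature")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    # Constant-time comparison of the raw MAC bytes.
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def outcome(token: str, secret: bytes) -> str:
    """Map a verification attempt to 'ok' or the rejection reason."""
    try:
        verify(token, secret)
        return "ok"
    except ValueError as exc:
        return str(exc)
```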