jwt-key-id-injector
Vulnerability Detector
Detects a vulnerability in JWT tokens by injecting an unexpected key ID field and generating tokens with one-letter secrets.
Simple Python script to check against a hypothetical JWT vulnerability.
50 stars
4 watching
11 forks
Language: Python
last commit: almost 4 years ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
dariusztytko/token-reverser | A tool to generate word lists from known data and crack MD5 hashes used in security tokens | 110 |
restuwahyu13/jwt-transform | Tools for transforming and decrypting JSON Web Tokens using encryption algorithms | 18 |
zaubrik/djwt | Provides utilities and functions for creating, verifying, and decoding JSON Web Tokens (JWTs) using cryptographic algorithms. | 228 |
nccgroup/jwt-reauth | An extension for the Burp Suite web security testing tool that caches authentication tokens and injects them into subsequent requests. | 100 |
ticarpi/jwt_tool | A toolkit for testing and analyzing JSON Web Tokens for security vulnerabilities | 5,451 |
dvsekhvalnov/jose-jwt | A library implementing JSON Web Token and related security protocols for .NET development | 946 |
pyupio/safety | Detects known security vulnerabilities in Python dependencies and provides recommendations for remediation. | 1,731 |
kugg/irule-detector | Detects and analyzes command injection vulnerabilities in iRules written in the Tool Command Language (Tcl), allowing for identification of potential security flaws. | 5 |
david-a-wheeler/flawfinder | Analyzes C/C++ source code for security vulnerabilities and reports potential flaws. | 489 |
jzadeh/aktaion | A lightweight tool for detecting exploits and generating policies based on micro behaviors of malicious activities | 142 |
johnnykv/heralding | A tool designed to detect and collect sensitive information from malicious users by mimicking popular network services | 376 |
hahwul/jwt-hack | A tool for testing and cracking JSON Web Tokens (JWTs) using brute-force and dictionary attacks. | 763 |
jlospinoso/unfurl | An entropy-based tool to identify link vulnerabilities in software | 60 |
urule99/jsunpack-n | A tool designed to emulate browser behavior and detect vulnerabilities in web-based exploits | 162 |
lmammino/jwt-cracker | A tool designed to guess the secret behind JWT tokens with weak secrets | 1,039 |