jwt-key-id-injector
Vulnerability Detector
Detects a vulnerability in JWT tokens by injecting an unexpected key ID field and generating tokens with one-letter secrets
Simple Python script to check against a hypothetical JWT vulnerability.
51 stars
4 watching
11 forks
Language: Python
last commit: about 4 years ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
dariusztytko/token-reverser | Tools to generate word lists and crack MD5-hashed security tokens from user data | 109 |
restuwahyu13/jwt-transform | Tools for transforming and decrypting JSON Web Tokens using encryption algorithms | 18 |
zaubrik/djwt | Provides utilities and functions for creating, verifying, and decoding JSON Web Tokens (JWTs) using cryptographic algorithms. | 228 |
nccgroup/jwt-reauth | An extension for the Burp Suite web security testing tool that caches authentication tokens and injects them into subsequent requests. | 100 |
ticarpi/jwt_tool | A toolkit for testing and analyzing JSON Web Tokens for security vulnerabilities | 5,501 |
dvsekhvalnov/jose-jwt | A library implementing JSON Web Token and related security protocols for .NET development | 951 |
pyupio/safety | Detects known security vulnerabilities in Python dependencies and provides recommendations for remediation. | 1,758 |
kugg/irule-detector | Detects and analyzes command injection vulnerabilities in iRules written in the Tool Command Language (Tcl), allowing for identification of potential security flaws. | 5 |
david-a-wheeler/flawfinder | Analyzes C/C++ source code for security vulnerabilities and reports potential flaws. | 498 |
jzadeh/aktaion | A lightweight tool for detecting exploits and generating policies based on micro behaviors of malicious activities | 142 |
johnnykv/heralding | A tool designed to detect and collect sensitive information from malicious users by mimicking popular network services | 377 |
hahwul/jwt-hack | A tool for testing and cracking JSON Web Tokens (JWTs) using brute-force and dictionary attacks. | 770 |
jlospinoso/unfurl | An entropy-based tool to identify link vulnerabilities in software | 60 |
urule99/jsunpack-n | A tool designed to emulate browser behavior and detect vulnerabilities in web-based exploits | 163 |
lmammino/jwt-cracker | A tool designed to guess the secret behind JWT tokens with weak secrets | 1,049 |