
jwt_tool v2.0.2

@ticarpi ticarpi released this 28 Oct 17:18
· 28 commits to master since this release
6dc2a07

jwt_tool v2.0.2 - MAJOR NEW VERSION

MAJOR REWRITE: lots more capabilities and new commandline arguments/flags - docs written and guides published
[+] Send tokens directly to the web application from jwt_tool, and proxy through existing tools (Burp, ZAP, etc.)
[+] ALL NEW SCANNING MODE!:

  • Scan for common vulnerabilities from the JWT Attack Playbook
  • Test for error conditions by forcing invalid content-types in claims
  • Test for unused valid claims by injection

[+] Customise your default options in the config file
[+] Built-in dictionaries and assistive lists to find bugs and misconfigurations
[+] Logging enabled for all tokens, allowing audit, review and re-tampering of successful requests
[+] Inject token claims and values on-the-fly across all modes, fuzz values from lists, and bruteforce accepted values

(This release - v2.0 [incorporating bugfixes from v2.0.1 and v2.0.2])