Features
JWT Analysis & Manipulation
- Real‑time JWT Decoder/Encoder — Decode, edit, and encode JWTs with live preview
- Signature Verification — Verify token signatures with custom secrets
- Algorithm Support — Full support for HS256/384/512, RS256/384/512, ES256/384/512, and none
- Claims Editor — Interactive JSON and table view for easy claims modification
Security Testing Tools
- JWT Secret Cracking — Brute‑force weak secrets using dictionary attacks
- 100,000+ Default Wordlist — Comprehensive built‑in wordlist for common secrets
- Custom Wordlist Support — Upload your own wordlists (up to 2MB)
- Real‑time Progress — Live attack logs and progress monitoring
- Algorithm Confusion Testing — Test for algorithm switching vulnerabilities
Pentesting Tool Collection
- JWTTool Integration — Powered by the renowned jwt_tool by @ticarpi
- Burp Suite Extensions — JWT Editor, Hackvertor, JWT4B integration guides
- Hashcat Support — GPU‑accelerated cracking capabilities
- Multiple Cracking Tools — Comprehensive toolkit for various attack vectors
JWT Scanner
- Automated JWT Vulnerability Scanner — Scan tokens for common vulnerabilities (none algorithm, weak secrets, insecure claims, etc.)
- Detailed Security Reports — Get actionable insights and recommendations
- One‑Click Scan — Instantly analyze any JWT for security issues
Screenshots
