jwt_tool

Workflow

No	Step	Description
1	Recon	Decode the token to see what's in it
2	Scan	Run a Playbook Scan against the app to check for common misconfigurations
3	Exploit	Exploit any identified vulnerability
4	Fuzz	Check for unexpected values and claims to identify unexpected app behaviours
5	Review	Check the logs of any successful exploitation

Recon

jwt_tool.py <token>

Scan

Key Cracking

Resources

Repository

GitHub - ticarpi/jwt_tool: :snake: A toolkit for testing, tweaking and cracking JSON Web TokensGitHub