GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → rishuranjanofficial → JWTweak

rishuranjanofficial / JWTweak

Licence: other
Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

automationjwtauthenticationauthorizationjwt-tokensapplication-securitypentestingbugbountyappsecvulnerability-assessmentjwt-algorithmsecurity-enthusiasts

Projects that are alternatives of or similar to JWTweak

Bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (+32.94%)
Mutual labels:  application-security, pentesting, bugbounty, appsec, vulnerability-assessment
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+4021.18%)
Mutual labels:  application-security, pentesting, appsec
nerdbug
Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (+80%)
Mutual labels:  application-security, bugbounty, appsec
Watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+305.88%)
Mutual labels:  application-security, bugbounty, vulnerability-assessment
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+7276.47%)
Mutual labels:  application-security, pentesting, appsec
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+8424.71%)
Mutual labels:  pentesting, bugbounty, appsec
Rfi Lfi Payload List
🎯 RFI/LFI Payload List
Stars: ✭ 202 (+137.65%)
Mutual labels:  application-security, bugbounty, appsec
Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+4456.47%)
Mutual labels:  application-security, pentesting, bugbounty
www-project-zap
OWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-38.82%)
Mutual labels:  appsec, vulnerability-assessment
Resources-for-Application-Security
Some good resources for getting started with application security
Stars: ✭ 97 (+14.12%)
Mutual labels:  application-security, appsec
Bucket-Flaws
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-49.41%)
Mutual labels:  application-security, bugbounty
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+8762.35%)
Mutual labels:  application-security, appsec
spring-boot-jwt-auth
🔑 Sample Spring boot application secured using JWT auth in custom header(X-Auth-Token).
Stars: ✭ 57 (-32.94%)
Mutual labels:  authorization, jwt-tokens
authz0
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Stars: ✭ 248 (+191.76%)
Mutual labels:  authorization, bugbounty
Autorize
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
Stars: ✭ 406 (+377.65%)
Mutual labels:  authorization, application-security
sqlinjection-training-app
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-34.12%)
Mutual labels:  application-security, appsec
Juice Shop Ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (+180%)
Mutual labels:  application-security, pentesting
vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+692.94%)
Mutual labels:  bugbounty, appsec
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-49.41%)
Mutual labels:  bugbounty, appsec
juice-shop-ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
Stars: ✭ 287 (+237.65%)
Mutual labels:  application-security, pentesting
View All Similar Projects ➔

JWTweak

GitHub stars GitHub forks

Introduction

With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementation. This tool is designed to automate the process of modifying the JWT algorithm of input JWT Token and then generate the new JWT based on the new algorithm.

Requirements

  • Python 3 (tested and working fine in python-3.7.7/Kali and python-3.8.2/Windows 10)
  • pip3 install pycryptodomex

Features

  • Detects the algorithm of the input JWT Token
  • Base64 decode the input JWT Token
  • Generate new JWT by changing the algorithm of the input JWT to 'none'
  • Generate new JWT by changing the algorithm of the input JWT to 'HS256'
  • Generate new JWT by changing the algorithm of the input JWT to 'HS384'
  • Generate new JWT by changing the algorithm of the input JWT to 'HS512'
  • Generate new JWT by changing the algorithm of the input JWT to 'RS256'
  • Generate new JWT by changing the algorithm of the input JWT to 'RS384'
  • Generate new JWT by changing the algorithm of the input JWT to 'RS512'

Download Link

JWTweak.py

POC

jwtweak

Issues and Suggestions

GitHub issues

Author

Rishu Ranjan

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].