#
token-forgery
Here are 2 public repositories matching this topic...
A comprehensive JWT attack CLI covering every major vulnerability class — from alg:none bypass to RS256→HS256 algorithm confusion, HMAC secret bruteforce, kid header injection (SQLi + path traversal), jku/x5u spoofing with built-in JWKS server, and full token forgery. Built for bug bounty hunters and red teamers.
jwt web-security json-web-token jwt-security penetration-testing-tools bug-bounty-tools jwt-attacks token-forgery algorithm-confusion
-
Updated
Apr 14, 2026 - Python
Improve this page
Add a description, image, and links to the token-forgery topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the token-forgery topic, visit your repo's landing page and select "manage topics."