jwt-misconfig
Official
Exploit JWT auth flaws.
Software Engineering
#authentication, #jwt, #web security, #vulnerability testing, #api security, #misconfiguration
Author: securityfortech
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps identify and exploit common misconfigurations in JSON Web Token (JWT) based authentication systems, so that unauthorized access and privilege escalation can be prevented.
Core Features & Use Cases
- Detects Algorithmic Confusion: Identifies scenarios where servers incorrectly handle different JWT signing algorithms (e.g., RS256 vs. HS256).
- Exploits `alg:none`: Leverages JWT libraries that improperly accept tokens with no signature.
- Cracks Weak Secrets: Attempts to brute-force weak or dictionary-based HMAC secrets.
- Identifies `kid` Parameter Vulnerabilities: Tests for path traversal or SQL injection via the Key ID parameter.
- Use Case: When encountering an `Authorization: Bearer <token>` header, this skill will attempt to forge a valid token with elevated privileges by exploiting a weak secret or algorithm confusion.
Quick Start
Use the jwt-misconfig skill to test the provided JWT token for common vulnerabilities.
Dependency Matrix
Required Modules
None required
Components
references, scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: jwt-misconfig Download link: https://github.com/securityfortech/hacking-skills/archive/main.zip#jwt-misconfig Please download this .zip file, extract it, and install it in the .claude/skills/ directory.