cryptography · security · toolkit · v2.5.0

jwt-hack

A high-performance toolkit for testing, analyzing and attacking JSON Web Tokens

token.preview HS256 · 3-segment

header eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

payload eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkhB...

sig SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQss...

$ jwt-hack decode <token>

capabilities

Essential Features

Discover jwt-hack's essential features for comprehensive attack surface detection and analysis.

JWT and JWE tokens with multiple algorithms, custom headers, and DEFLATE compression.

Symmetric and asymmetric algorithms verified with secrets or keys, plus expiration validation.

Crack JWT secrets via dictionary or brute-force, with support for compressed tokens.

Generate none-alg, algorithm confusion, and header manipulation attack variants.

Built in Rust with parallel processing for intensive operations — raw speed under load.

Integrate with AI models via Model Context Protocol for intelligent JWT analysis.

open source

JWT-HACK is an open-source project. If you want to contribute to this project, please see CONTRIBUTING.md and submit a pull request!