https://github.com/eshanized/jwtkit
JWTKit is a powerful web-based JWT hacking toolkit designed for ethical hackers and security researchers. Built with Flask and React, it allows you to analyze, manipulate, and exploit JSON Web Tokens for penetration testing. Ideal for discovering JWT vulnerabilities in web apps. Fast, intuitive, and open-source.
- Host: GitHub
- URL: https://github.com/eshanized/jwtkit
- Owner: eshanized
- Created: 2025-04-23T19:48:38.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-10-27T20:42:02.000Z (8 months ago)
- Last Synced: 2025-10-30T00:55:01.828Z (8 months ago)
- Topics: cybersecurity, eshanized, javascript, jsonwebtoken, kit, python
- Language: Python
- Homepage: https://localhost:3000
- Size: 1.64 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 25
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Security: .github/SECURITY.md
README
# JWTKit - The Ultimate JWT Security Toolkit
Comprehensive JWT Security Analysis & Testing Platform
---
## Features
| Feature | Description |
|---------|-------------|
| **JWT Decoder** | Decode and analyze JWT structure with color-coded visualization |
| **Vulnerability Scanner** | Detect 20+ common JWT security issues |
| **Signature Verification** | Support for HS256, RS256, ES256 algorithms |
| **Performance Testing** | Benchmark JWT processing speed |
| **Security Reports** | Generate detailed security assessment reports |
| **Test Suite** | 50+ pre-built test cases for JWT validation |
| **Attack Vectors** | Test various JWT attack vectors (Algorithm Confusion, Brute Force, Key Injection) |
---
## Installation
```bash
# Clone the repository
git clone https://github.com/eshanized/JWTKit.git
cd JWTKit
# Install backend dependencies
pip install -r requirements.txt
# Install frontend dependencies
cd frontend
npm install --legacy-peer-deps
cd ..
# Start the backend
python app.py
# Start the frontend (in a new terminal)
cd frontend
npm start
```
---
## Modern Frontend UI
The JWTKit frontend features a modern, responsive UI built with:
- **Material UI** - Sleek component library for consistent design
- **Framer Motion** - Smooth animations for a dynamic feel
- **Dark/Light Mode** - Toggle between themes for comfortable viewing
- **Interactive Editors** - Visually edit JWT headers and payloads
- **Reactive Visualization** - Real-time updates as you modify tokens
The interface is designed to be intuitive and user-friendly while providing powerful features for both security professionals and developers.
---
## Features in Detail
### Advanced Security Analysis
- Algorithm confusion testing to detect signature bypasses
- Signature verification with multiple algorithms
- Expiration and claim validation
- Issuer and audience checks for token authenticity
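As an added example (not code from the JWTKit project), the stdlib-only Python validator below shows the checks listed above from the consumer's side: the algorithm is pinned to an allowlist so `alg=none` and algorithm-confusion headers are rejected before any signature work, the HMAC is compared in constant time, and `exp`, `iss` and `aud` are enforced. The key, issuer and audience values are constructed placeholders.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(header, payload, key):
    """Mint an HS256 token; used here only to build constructed test inputs."""
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode())
             for x in (header, payload)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def verify_hs256(token, key, issuer, audience, now=None):
    """Validate a token the way a hardened consumer should; raises ValueError."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(h_b64))
    # Pin the algorithm: never let the token's own header choose it. This
    # rejects alg=none and RS256->HS256 confusion before any cryptography runs.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):  # constant time
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    now = int(time.time()) if now is None else now
    # exp is mandatory here; a token without it can never expire.
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired or missing exp")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")  # aud may be a single string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims

def check(token, key, issuer, audience, now=None):
    """Convenience wrapper returning 'ok' or the rejection reason."""
    try:
        verify_hs256(token, key, issuer, audience, now)
        return "ok"
    except ValueError as err:
        return str(err)
```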
### Offensive Security Tools
- JWT cracking with dictionary attacks
- Key injection attacks simulation
- JWKS URL spoofing testing
- Expiration-bypass techniques
### Developer Tools
- JWT generator with customizable payloads
- Payload and header editors for token manipulation
- Signature brute-forcing engine for security testing
- Performance benchmarking for token processing speed
---
## Contributing
We welcome contributions! Follow these steps:
1. Fork the project
2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request and describe your changes
---
## Roadmap
- [x] Core JWT analysis
- [x] Vulnerability scanning
- [x] Modern UI implementation
- [ ] Mobile app support
- [ ] CI/CD integration
- [ ] Comprehensive API documentation
---
## FAQ
**Q: Is JWTKit free to use?**
A: Yes, JWTKit is fully open-source under the MIT license.
**Q: Can I use JWTKit in production?**
A: JWTKit is designed primarily for testing and security analysis, not for production use.
---
## License
Distributed under the MIT License. See the `LICENSE` file for details.
---
## Contact
**Eshanized**
GitHub: [@eshanized](https://github.com/eshanized)
Email: m.eshanized@gmail.com
Project Link: [https://github.com/eshanized/JWTKit](https://github.com/eshanized/JWTKit)
---
## Acknowledgements
- [JWT.io](https://jwt.io) - JWT standard and tools
- [OWASP](https://owasp.org) - Security best practices
- [RFC 7519](https://tools.ietf.org/html/rfc7519) - JWT specification
- [Material UI](https://mui.com/) - UI component library
---
Made with ❤️ by the JWTKit Team