Skills

testing-jwt-token-security

Installation
SKILL.md

Testing JWT Token Security

When to Use

  • During authorized penetration tests when the application uses JWT for authentication or authorization
  • When assessing API security where JWTs are passed as Bearer tokens or in cookies
  • For evaluating SSO implementations that use JWT/JWS/JWE tokens
  • When testing OAuth 2.0 or OpenID Connect flows that issue JWTs
  • During security audits of microservice architectures using JWT for inter-service authentication

Prerequisites

  • Authorization: Written penetration testing agreement for the target
  • jwt_tool: JWT attack toolkit (pip install jwt_tool or git clone https://github.com/ticarpi/jwt_tool.git)
  • Burp Suite Professional: With JSON Web Token extension from BApp Store
  • Python PyJWT: For scripting custom JWT attacks (pip install pyjwt)
  • Hashcat: For brute-forcing HMAC secrets (apt install hashcat)
  • jq: For JSON processing
  • Target JWT: A valid JWT token from the application
Installs
225
Repository
mukul975/anthro…y-skills
GitHub Stars
21.0K
First Seen
Mar 15, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykFail
testing-jwt-token-security — mukul975/anthropic-cybersecurity-skills