JWT Analyzer Pro
Lightning-fast JSON Web Token inspector for tracking down weak signing secrets and algorithm confusion vulnerabilities.
Key Features
- Instant Decoding: Highlight a JWT anywhere in your terminal safely
- Signature Weakness Detection: Automatically warn against common HMAC weak secrets
- Algorithm Confusion Testing: Generates alg:none and RS256→HS256 payload mutations
- JWKS Endpoint Discovery: Automatically probe common public key endpoints
Example Usage
odivex-tools jwt --decode "eyJhbG..."
odivex-tools jwt --crack "eyJhbG..." --wordlist rockyou.txt
odivex-tools jwt --forge --alg none --payload "{\"admin\":true}"
Setup
Install via the OdiVex CLI framework:
npm install -g odivex-tools
Overview
JWT Analyzer Pro is the go-to tool for web application penetration testers who need fast, reliable JWT inspection and exploitation capability. It handles the full lifecycle from decoding to active exploitation.
When to Use This Tool
- During web application assessments when JWT-based authentication is present
- When testing for algorithm confusion vulnerabilities (alg:none, RS256→HS256)
- For offline HMAC secret cracking during post-exploitation
- In automated CI/CD pipelines as a regression scanner
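The verifier-side check that the alg:none and RS256→HS256 test cases above are meant to exercise, as an added example (not code from odivex-tools): the server pins one algorithm per key and never takes it from the token header. The function names `verifyPinned` and `signHS256` are hypothetical, and the code assumes Node.js with only the built-in crypto module.

```javascript
// Added example: JWT verification with a server-pinned algorithm (Node.js built-ins only).
const crypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Mint a constructed HS256 sample token for local testing of the verifier.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify a token against ONE algorithm chosen by the server, never by the token.
function verifyPinned(token, { alg, key }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "bad-header" };
  }
  // One comparison rejects alg:none (any casing) and any RS256/HS256 switch.
  if (!header || header.alg !== alg) return { ok: false, reason: "alg-mismatch" };
  const data = `${parts[0]}.${parts[1]}`;
  const sig = Buffer.from(parts[2], "base64url");
  let valid = false;
  if (alg === "HS256") {
    const expected = crypto.createHmac("sha256", key).update(data).digest();
    // Length check first: timingSafeEqual throws on unequal lengths.
    valid = sig.length === expected.length && crypto.timingSafeEqual(sig, expected);
  } else if (alg === "RS256") {
    // key is a PEM public key or KeyObject; it is only ever used for RSA here.
    valid = crypto.verify("sha256", Buffer.from(data), key, sig);
  } else {
    return { ok: false, reason: "unsupported-alg" };
  }
  if (!valid) return { ok: false, reason: "bad-signature" };
  return { ok: true, payload: JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8")) };
}
```

A regression test in CI can feed mutated tokens to a function like this and fail the build if any of them returns `ok: true`.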
Advanced Usage
Key Extraction Mode
# Extract and test RS256 public keys
odivex-tools jwt --extract-key "eyJhbG..." --endpoint https://target.com/jwks.json
Batch Mode
# Process multiple tokens from a file
odivex-tools jwt --batch tokens.txt --crack --wordlist common-jwt-secrets.txt