Penetration Testing Kit - Json Web Token

Getting started

• Generate key pair - RS/ES/PS
• Recover Public Key From Signed JWTs

Attacks

• Null Signature Attack (CVE-2020-28042)
• None Algorithm (CVE-2015-9235)
• Algorithm/Key Confusion Attack (CVE-2016-5431)
• Brute-force weak HMAC secret
• JWT header injection - JWK

How to