Comprehensive JWT Security Analysis & Testing Platform
| Feature | Description |
|---|---|
| 🔍 JWT Decoder | Decode and analyze JWT structure with color-coded visualization |
| 🛡️ Vulnerability Scanner | Detect 20+ common JWT security issues |
| 🔐 Signature Verification | Support for HS256, RS256, ES256 algorithms |
| ⚡ Performance Testing | Benchmark JWT processing speed |
| 📊 Security Reports | Generate detailed security assessment reports |
| 🧪 Test Suite | 50+ pre-built test cases for JWT validation |
| 🎭 Attack Vectors | Test various JWT attack vectors (Algorithm Confusion, Brute Force, Key Injection) |
```bash
# Clone the repository
git clone https://github.com/eshanized/JWTKit.git
cd JWTKit
# Install backend dependencies
pip install -r requirements.txt
# Install frontend dependencies
cd frontend
npm install --legacy-peer-deps
cd ..
# Start the backend
python app.py
# Start the frontend (in a new terminal)
cd frontend
npm start
```

The JWTKit frontend features a modern, responsive UI built with:
- Material UI - Sleek component library for consistent design
- Framer Motion - Smooth animations for a dynamic feel
- Dark/Light Mode - Toggle between themes for comfortable viewing
- Interactive Editors - Visually edit JWT headers and payloads
- Reactive Visualization - Real-time updates as you modify tokens
The interface is designed to be intuitive and user-friendly while providing powerful features for both security professionals and developers.
- Algorithm confusion testing to detect signature bypasses
- Signature verification with multiple algorithms
- Expiration and claim validation
- Issuer and audience checks for token authenticity
- JWT cracking with dictionary attacks
- Key injection attacks simulation
- JWKS URL spoofing testing
- Expiration-bypass techniques
- JWT generator with customizable payloads
- Payload and header editors for token manipulation
- Signature brute-forcing engine for security testing
- Performance benchmarking for token processing speed
We welcome contributions! Follow these steps:
- Fork the project
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request and describe your changes
- Core JWT analysis
- Vulnerability scanning
- Modern UI implementation
- Mobile app support
- CI/CD integration
- Comprehensive API documentation
Q: Is JWTKit free to use?
A: Yes, JWTKit is fully open-source under the MIT license.
Q: Can I use JWTKit in production?
A: JWTKit is designed primarily for testing and security analysis, not for production use.
Distributed under the MIT License. See the LICENSE file for details.
Eshanized
GitHub: @eshanized
Email: m.eshanized@gmail.com
Project Link: https://github.com/eshanized/JWTKit
- JWT.io - JWT standard and tools
- OWASP - Security best practices
- RFC 7519 - JWT specification
- Material UI - UI component library
Made with ❤️ by the JWTKit Team