Skill
offensive-jwt
JWT attack methodology for penetration testers. Covers algorithm confusion (alg:none, RS256→HS256), weak HMAC secret brute force, kid parameter injection (SQLi, path traversal), jku/x5u/jwk header injection, JWKS cache poisoning, JWS/JWE confusion, timing attacks, and mobile JWT storage extraction.
Claim this listing
Connect your GitHub to prove you own or maintain this listing. We verify repo access automatically — most publishers are confirmed in seconds.
1Connect GitHub
2Submit your claim
3Auto-verified, or reviewed within 48h