jwt_tool v2.1.0
[+] NEW exploit: null signature (-X n)
[+] NEW scanner mode: Inject Common Claims (-M cc)
[+] additional checks in 'Playbook' scan mode (-M pb)
[+] multiple custom headers now supported (-rh)
[+] reflective JWKS URL created automatically in config file - for JKU/Spoof JWKS attacks (-X s)
[+] checks added for old/incompatible config files
[+] report on long HTTP response times
[+] Bugfixes