jwt_tool v2.0.2 - MAJOR NEW VERSION
MAJOR REWRITE: many more capabilities and new command-line arguments/flags - docs written and guides published
[+] Send tokens directly to the web application from jwt_tool, and proxy through existing tools (Burp, ZAP, etc.)
[+] ALL NEW SCANNING MODE!
    - Scan for common vulnerabilities from the JWT Attack Playbook
    - Test for error conditions by forcing invalid content-types in claims
    - Test for unused valid claims by injection
[+] Customise your default options in the config file
[+] Built-in dictionaries and assistive lists to find bugs and misconfigurations
[+] Logging enabled for all tokens, allowing audit, review and re-tampering of successful requests
[+] Inject token claims and values on-the-fly across all modes, fuzz values from lists, and brute-force accepted values
(This release - v2.0 [incorporating bugfixes from v2.0.1 and v2.0.2])