JWT attacks

jwt_tool

https://github.com/ticarpi/jwt_tool

Default ("Playbook") scan:

```bash
jwt_tool.py -t https://api.example.com/api/v1/self -rh "Authorization: Bearer <token>" -M pb
```

Wiki with more details on attack types: https://github.com/ticarpi/jwt_tool/wiki