jwt generate
Parse an existing JWT and re-sign it with a new algorithm and key. The original claims are preserved. Useful for manually crafting tokens to test JWT vulnerability mitigations.
vulnapi jwt generate <TOKEN> --alg <alg> --secret <secret>| Flag | Description |
|---|---|
--alg <algorithm> | Signing algorithm (required): HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, NONE |
--secret <secret> | Secret key to sign the token (required for HMAC algorithms) |
--aud <audience> | Audience claim (aud) to set in the token |
Examples
Section titled “Examples”Re-sign with a different HMAC secret
vulnapi jwt generate eyJhbGciOiJIUzI1NiI... --alg HS256 --secret newsecretStrip the signature (alg=none)
vulnapi jwt generate eyJhbGciOiJIUzI1NiI... --alg NONERe-sign with a custom audience
vulnapi jwt generate eyJhbGciOiJIUzI1NiI... --alg HS256 --secret mysecret --aud myserviceOutput
Section titled “Output”The signed token string is printed to stdout.
Exit codes
Section titled “Exit codes”| Code | Meaning |
|---|---|
0 | Token generated successfully |
1 | Invalid input token, unknown algorithm, or missing required flags |