Aller au contenu

Get Started

Ce contenu n’est pas encore disponible dans votre langue.

Decode

Inspect any JWT header and claims without needing the signing key.

Verify

Validate signatures against an HMAC secret, a PEM key, or a JWKS endpoint.

Create & sign

Mint new tokens or re-sign existing ones with a different algorithm or key.

Security testing

Probe live servers for JWT vulnerabilities or generate exploit tokens for manual testing.

Terminal window
# Install
go install github.com/cerberauth/jwtop@latest
# Decode a token
jwtop decode $TOKEN
# Verify with an HMAC secret
jwtop verify $TOKEN --secret mysecret
# Probe a server for JWT vulnerabilities
jwtop crack $TOKEN --url https://api.example.com/protected