JWT Security Testing
当用户要求“测试 JWT 安全性”、“破解 JWT 令牌”、“绕过 JWT 身份验证”、“破解 JWT 机密”或“利用 JWT 漏洞”时,应使用此技能。它提供了全面的JSON Web Token攻击技术和安全评估方法。
SKILL.md
Identify and exploit vulnerabilities in JSON Web Token (JWT) implementations, including algorithm confusion attacks, secret key cracking, signature bypass, and claim manipulation. JWTs are widely used for authentication and authorization, making them high-value targets for security testing.
| HS256 | Symmetric | HMAC with SHA-256 | | HS384 | Symmetric | HMAC with SHA-384 | | HS512 | Symmetric | HMAC with SHA-512 | | RS256 | Asymmetric | RSA with SHA-256 | | RS384 | Asymmetric | RSA with SHA-384 | | RS512 | Asymmetric | RSA with SHA-512 | | ES256 | Asymmetric | ECDSA with SHA-256 | | none | None | No signature |
| None Algorithm | Accepts unsigned tokens | "alg": "none" | | Secret Cracking | Weak HMAC secret | Brute-force | | Key Confusion | RSA key as HMAC secret | Sign with public key | | JWK Injection | Trusts embedded keys | Embed attacker JWK | | KID Injection | Unvalidated kid | Path traversal/SQLi |
可引用信息
为搜索与 AI 引用准备的稳定字段与命令。
- 安装命令
npx skills add https://github.com/zebbern/secops-cli-guides --skill JWT Security Testing- 分类
- !安全工具
- 认证
- —
- 收录时间
- 2026-02-05
- 更新时间
- 2026-02-18
快速解答
什么是 JWT Security Testing?
当用户要求“测试 JWT 安全性”、“破解 JWT 令牌”、“绕过 JWT 身份验证”、“破解 JWT 机密”或“利用 JWT 漏洞”时,应使用此技能。它提供了全面的JSON Web Token攻击技术和安全评估方法。 来源:zebbern/secops-cli-guides。
如何安装 JWT Security Testing?
打开你的终端或命令行工具(如 Terminal、iTerm、Windows Terminal 等) 复制并运行以下命令:npx skills add https://github.com/zebbern/secops-cli-guides --skill JWT Security Testing 安装完成后,技能将自动配置到你的 AI 编程环境中,可以在 Claude Code 或 Cursor 中使用
这个 Skill 的源码在哪?
https://github.com/zebbern/secops-cli-guides