Replaces manual JWT verification testing for weak signing keys. Uses dictionary attacks to identify insecure HMAC secrets in JSON Web Tokens to prevent unauthorized access.
Tech Stack
JavaScriptSecurity & Passwords
Why jwt-cracker?
• Fast dictionary-based cracking
• Supports multiple HS algorithms
• Zero configuration required
Limitations
• CPU-bound (slower than GPU)
• Limited to HMAC algorithms
• No support for RSA/ECDSA
2/28/2026
Last Update
168
Forks
12
Issues
MIT
License
Financial Leak Detected
Stop the "SaaS Tax"
Your team could be burning cash. Switching to jwt-cracker instantly boosts your runway.
