JWT Auditor MCP Server

This project provides an MCP server exposing advanced JWT auditing tools, inspired by JWTAuditor. It is designed for use with Claude Desktop, Cursor, and other MCP-compatible clients.

Features

JWT Decoder: Decodes JWT header, payload, and signature.
JWT Analyzer: Detects vulnerabilities (alg=none, weak algs, missing claims, header injection, sensitive data, etc.).
JWT Secret Bruteforcer: Attempts to brute-force HS256/HS384/HS512 secrets using a wordlist.
JWT Generator/Editor: Create and sign JWTs (HS* and RS* support).

Quickstart

1. Install dependencies (using uv)

uv pip install -r pyproject.toml

2. Run the MCP server

uv run server.py

3. Configure Claude Desktop (or Cursor)

Add the following to your Claude Desktop mcpServers.json (or merge into your config):

{
  "mcpServers": {
    "JWT Auditor MCP": {
      "type": "stdio",
      "command": "uv",
      "args": ["run", "server.py"],
      "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
    }
  }
}

Make sure the cwd path matches your project directory.
This will launch the server in the correct environment using uv.

4. Example mcp.json for MCP Inspector or other clients

If you want to use the MCP Inspector or another tool that requires an mcp.json config, use:

{
  "mcpServers": {
    "jwt-auditor": {
      "type": "stdio",
      "command": "uv",
      "args": ["run", "server.py"],
      "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
    }
  }
}

Security

All JWT operations are performed locally.
No tokens or secrets are sent to any external service.

Credits

Inspired by JWTAuditor
Built with MCP Python SDK

Install Server

HTTP connection URL

security – no known vulnerabilities

license - not found

quality - confirmed to work

How are these scores calculated?

Tools

Provides advanced JWT auditing tools including decoding, vulnerability analysis, secret bruteforcing, and JWT generation/editing capabilities for MCP-compatible clients.

Related MCP Servers

Git Forensics MCP
davidorex
A
security
A
license
A
quality
A specialized MCP server for in-depth analysis of git repositories, offering tools for branch overview, time period analysis, file changes, and merge recommendations.
Last updated -
4
1
JavaScript
Apache 2.0
MCP Vulnerability Management System
nesirat
-
security
A
license
-
quality
A comprehensive system that helps organizations track, manage, and respond to security vulnerabilities effectively through features like vulnerability tracking, user management, support tickets, API key management, and SSL certificate management.
Last updated -
Python
MIT License
Pentest Tools MCP Server
ch1nhpd
-
security
F
license
-
quality
An MCP server that integrates various penetration testing tools, enabling security professionals to perform reconnaissance, vulnerability scanning, and API testing through natural language commands in compatible LLM clients like Claude Desktop.
Last updated -
4
Python
APK Security Guard MCP Suite
cc-apk
-
security
F
license
-
quality
Provides a one-stop automated solution for Android APK security analysis by integrating tools like JEB, JADX, APKTOOL, FlowDroid, and MobSF into unified MCP standard API interfaces.
Last updated -
129
Python

View all related MCP servers