JWT Auditor MCP Server
This project provides an MCP server exposing advanced JWT auditing tools, inspired by JWTAuditor. It is designed for use with Claude Desktop, Cursor, and other MCP-compatible clients.
Features
- JWT Decoder: Decodes JWT header, payload, and signature.
- JWT Analyzer: Detects vulnerabilities (alg=none, weak algs, missing claims, header injection, sensitive data, etc.).
- JWT Secret Bruteforcer: Attempts to brute-force HS256/HS384/HS512 secrets using a wordlist.
- JWT Generator/Editor: Create and sign JWTs (HS* and RS* support).
Quickstart
1. Install dependencies (using uv)
2. Run the MCP server
3. Configure Claude Desktop (or Cursor)
Add the following to your Claude Desktop mcpServers.json
(or merge into your config):
- Make sure the
cwd
path matches your project directory. - This will launch the server in the correct environment using
uv
.
4. Example mcp.json for MCP Inspector or other clients
If you want to use the MCP Inspector or another tool that requires an mcp.json
config, use:
Security
- All JWT operations are performed locally.
- No tokens or secrets are sent to any external service.
Credits
- Inspired by JWTAuditor
- Built with MCP Python SDK
Provides advanced JWT auditing tools including decoding, vulnerability analysis, secret bruteforcing, and JWT generation/editing capabilities for MCP-compatible clients.
Related MCP Servers
- AsecurityAlicenseAqualityA specialized MCP server for in-depth analysis of git repositories, offering tools for branch overview, time period analysis, file changes, and merge recommendations.Last updated -41JavaScriptApache 2.0
- -securityAlicense-qualityA comprehensive system that helps organizations track, manage, and respond to security vulnerabilities effectively through features like vulnerability tracking, user management, support tickets, API key management, and SSL certificate management.Last updated -PythonMIT License
- -securityFlicense-qualityAn MCP server that integrates various penetration testing tools, enabling security professionals to perform reconnaissance, vulnerability scanning, and API testing through natural language commands in compatible LLM clients like Claude Desktop.Last updated -3Python
- -securityFlicense-qualityProvides a one-stop automated solution for Android APK security analysis by integrating tools like JEB, JADX, APKTOOL, FlowDroid, and MobSF into unified MCP standard API interfaces.Last updated -129Python