Item logo image for TokenNinja

TokenNinja

ExtensionDeveloper Tools10 users
Item media 3 (screenshot) for TokenNinja
Item media 1 (screenshot) for TokenNinja
Item media 2 (screenshot) for TokenNinja
Item media 3 (screenshot) for TokenNinja
Item media 1 (screenshot) for TokenNinja
Item media 1 (screenshot) for TokenNinja
Item media 2 (screenshot) for TokenNinja
Item media 3 (screenshot) for TokenNinja

Overview

Stealthy JWT security testing toolkit - Decode, analyze & exploit JWT vulnerabilities for authorized pentesting

Stealthy JWT security testing toolkit - Auto-detect, decode, analyze & test JWT vulnerabilities for authorized pentesting & bug bounty. Detailed Description TokenNinja - Professional JWT Security Testing Toolkit A powerful DevTools extension for security researchers, penetration testers, and bug bounty hunters to identify and test JWT (JSON Web Token) vulnerabilities. KEY FEATURES: Auto-Detection • Automatically scans pages for JWTs in cookies, localStorage, sessionStorage, headers, and URLs • Intercepts Authorization headers from XHR/Fetch requests • Supports Next.js, Nuxt.js, Redux, and other modern frameworks Token Analysis • Decode JWT header, payload, and signature • Identify security issues (weak algorithms, missing expiration, exposed secrets) • Visual security risk indicators Attack Generation (80+ Attack Vectors) • Algorithm None - Test for unsigned token acceptance • Algorithm Confusion - RS256 to HS256 key confusion attacks • Signature Stripping - Empty and malformed signature tests • Expiry Manipulation - Extend token lifetime, remove expiration • Key ID (kid) Injection - Path traversal, SQL injection, command injection • JKU/X5U Injection - Remote key URL manipulation • Privilege Escalation - Role, admin, and permission tampering • Issuer/Audience Bypass - iss and aud claim manipulation • Type Confusion - JWT header type attacks One-Click Testing • Test modified tokens against target endpoints • Instant vulnerability detection feedback • Copy attack payloads to clipboard IMPORTANT: This tool is designed for AUTHORIZED security testing only. Use responsibly on systems you have permission to test. Ideal for: • Penetration testing engagements • Bug bounty programs • Security research • CTF competitions • Educational purposes Access via browser popup or DevTools panel for an enhanced testing experience. Version 1.0.0 Category Developer Tools Tags/Keywords JWT, JSON Web Token, security, penetration testing, bug bounty, vulnerability scanner, token decoder, authentication, cybersecurity, devtools

Details

  • Version
    1.0.1
  • Updated
    December 10, 2025
  • Offered by
    Synken Innovations
  • Size
    34.93KiB
  • Languages
    English (United Kingdom)
  • Developer
    Email
    contact@synkeninnovations.in
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

TokenNinja has disclosed the following information regarding the collection and usage of your data. More detailed information can be found in the developer's privacy policy.

TokenNinja handles the following:

Personally identifiable information
Authentication information

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes
Google apps