JWT Auditor MCP Server

This project provides an MCP server exposing advanced JWT auditing tools, inspired by JWTAuditor. It is designed for use with Claude Desktop, Cursor, and other MCP-compatible clients.

Features

JWT Decoder: Decodes JWT header, payload, and signature.
JWT Analyzer: Detects vulnerabilities (alg=none, weak algs, missing claims, header injection, sensitive data, etc.).
JWT Secret Bruteforcer: Attempts to brute-force HS256/HS384/HS512 secrets using a wordlist.
JWT Generator/Editor: Create and sign JWTs (HS* and RS* support).

Quickstart

1. Install dependencies (using uv)

uv pip install -r pyproject.toml

2. Run the MCP server

uv run server.py

3. Configure Claude Desktop (or Cursor)

Add the following to your Claude Desktop mcpServers.json (or merge into your config):

{
  "mcpServers": {
    "JWT Auditor MCP": {
      "type": "stdio",
      "command": "uv",
      "args": ["run", "server.py"],
      "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
    }
  }
}

Make sure the cwd path matches your project directory.
This will launch the server in the correct environment using uv.

4. Example mcp.json for MCP Inspector or other clients

If you want to use the MCP Inspector or another tool that requires an mcp.json config, use:

{
  "mcpServers": {
    "jwt-auditor": {
      "type": "stdio",
      "command": "uv",
      "args": ["run", "server.py"],
      "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
    }
  }
}

Security

All JWT operations are performed locally.
No tokens or secrets are sent to any external service.

Credits

Inspired by JWTAuditor
Built with MCP Python SDK

Features

JWT Decoder: Decodes JWT header, payload, and signature.

JWT Analyzer: Detects vulnerabilities (alg=none, weak algs, missing claims, header injection, sensitive data, etc.).

JWT Secret Bruteforcer: Attempts to brute-force HS256/HS384/HS512 secrets using a wordlist.

JWT Generator/Editor: Create and sign JWTs (HS* and RS* support).

Quickstart

1. Install dependencies (using uv)

uv pip install -r pyproject.toml

2. Run the MCP server

uv run server.py

3. Configure Claude Desktop (or Cursor)

Add the following to your Claude Desktop mcpServers.json (or merge into your config):

{ "mcpServers": { "JWT Auditor MCP": { "type": "stdio", "command": "uv", "args": ["run", "server.py"], "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp" } } }

Make sure the cwd path matches your project directory.

This will launch the server in the correct environment using uv.

4. Example mcp.json for MCP Inspector or other clients

If you want to use the MCP Inspector or another tool that requires an mcp.json config, use:

{ "mcpServers": { "jwt-auditor": { "type": "stdio", "command": "uv", "args": ["run", "server.py"], "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp" } } }

JWT Auditor MCP Server

README Documentation

JWT Auditor MCP Server

Features

Quickstart

1. Install dependencies (using uv)

2. Run the MCP server

3. Configure Claude Desktop (or Cursor)

4. Example mcp.json for MCP Inspector or other clients

Security

Credits

Quick Install

Quick Actions

Key Features

JWT Auditor MCP Server

README Documentation

JWT Auditor MCP Server

Features

Quickstart

1. Install dependencies (using uv)

2. Run the MCP server

3. Configure Claude Desktop (or Cursor)

4. Example mcp.json for MCP Inspector or other clients

Security

Credits

Quick Install

Quick Actions

Key Features