
JWT Analyzer & Security Checker (100% Offline)

Decode, verify, and security-audit JWT tokens directly in your browser. No server processing, no data storage, complete privacy.

100% Client-Side

Your tokens never leave your browser

Risk Scoring

0-100 security risk analysis

Signature Verification

Verify HS256/384/512, RS256/384/512, PS256/384/512

Export Reports

JSON, Markdown, PDF

JWT Token
Paste your JWT token below. All processing happens locally in your browser.

What this JWT Analyzer checks

Signature & Algorithm
  • Algorithm verification (HS256, HS384, HS512, RS256, RS384, RS512, PS256, PS384, PS512)
  • Detection of the dangerous "none" algorithm
  • Signature validation with a provided secret key or public key
  • Weak secret detection for HMAC-signed tokens
Claims & Expiration
  • Missing or invalid expiration (exp) claim
  • Not-before (nbf) timestamp validation
  • Issued-at (iat) timestamp analysis
  • Clock skew detection and warnings
  • Expiration time too far in the future (long attack window if the token leaks)
Security Best Practices
  • Missing issuer (iss) or audience (aud) claims
  • Sensitive data in the payload (PII, secrets, passwords)
  • Authorization claims without server-side validation
  • Key ID (kid) confusion attack risks
Token Characteristics
  • Token size analysis (large tokens, over 4 KB)
  • Missing type (typ) header detection
  • Standard vs. custom claims identification
  • Comprehensive risk score calculation (0-100)

Supported Algorithms

✓ Supported

  • HS256, HS384, HS512

    HMAC with SHA-256/384/512. Requires secret key.

  • RS256, RS384, RS512

    RSASSA-PKCS1-v1_5 with SHA-256/384/512. Requires the public key in PEM format.

  • PS256, PS384, PS512

    RSA-PSS with SHA-256/384/512. Requires public key in PEM format.

✗ Not Supported

  • ES256, ES384, ES512

    ECDSA verification is not implemented; it would require a DER-to-raw signature conversion that this tool does not perform.

  • EdDSA

    Edwards-curve algorithms are not implemented.

How signature verification works

This tool uses the browser's native Web Crypto API to verify JWT signatures entirely client-side:

  • HMAC (HS256/384/512): Requires the secret key. The tool imports the key and verifies the signature using the HMAC algorithm with the appropriate SHA hash function.
  • RSA-PKCS1-v1_5 (RS256/384/512): Requires the RSA public key in SPKI PEM format (-----BEGIN PUBLIC KEY-----). The tool uses RSASSA-PKCS1-v1_5 for signature verification with SHA-256, SHA-384, or SHA-512.
  • RSA-PSS (PS256/384/512): Requires the RSA public key in SPKI PEM format. The tool uses RSA-PSS for signature verification with salt length matching the hash output size (32 bytes for SHA-256, 48 for SHA-384, 64 for SHA-512).

Note: All cryptographic operations run in your browser using the Web Crypto API. No tokens, keys, or secrets are transmitted to any server.
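The HMAC path described above, as an added example that is not the SecurityWall tool's own code: it decodes a compact JWS, pins the expected algorithm so that alg "none" (or any other algorithm) is refused before any key is touched, and verifies HS256 with Web Crypto. It assumes a browser or Node 18+ (the node:crypto fallback is only for Node); the secret and claims are constructed test values.

```javascript
// Added example (not the SecurityWall tool's code): decode a compact JWS,
// pin the algorithm (alg "none" is rejected) and verify HS256 with Web Crypto.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  const nodeCrypto = await import('node:crypto'); // Node fallback; browsers return above
  return nodeCrypto.webcrypto.subtle;
}
const enc = new TextEncoder();
// base64url per RFC 7515: '+' -> '-', '/' -> '_', no '=' padding.
const b64url = (bytes) => btoa(String.fromCharCode(...bytes))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const b64urlDecode = (s) => {
  const padded = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
};
async function hmacKey(secret, usage) {
  const subtle = await getSubtle();
  return subtle.importKey('raw', enc.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, [usage]);
}
// Issue a token the way a server would, so the verifier has a real signature to check.
async function signHs256(payload, secret) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput = b64url(enc.encode(JSON.stringify(header))) + '.' +
    b64url(enc.encode(JSON.stringify(payload)));
  const subtle = await getSubtle();
  const sig = await subtle.sign('HMAC', await hmacKey(secret, 'sign'), enc.encode(signingInput));
  return signingInput + '.' + b64url(new Uint8Array(sig));
}
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS: expected header.payload.signature');
  const json = (seg) => JSON.parse(new TextDecoder().decode(b64urlDecode(seg)));
  return { header: json(parts[0]), payload: json(parts[1]),
           signingInput: parts[0] + '.' + parts[1], signature: b64urlDecode(parts[2]) };
}
async function verifyHs256(token, secret) {
  const { header, signingInput, signature } = decodeJwt(token);
  // The verifier decides the algorithm, not the token: a header claiming "none"
  // (or anything other than the expected HS256) is refused before any key is used.
  if (header.alg !== 'HS256') return false;
  const subtle = await getSubtle();
  return subtle.verify('HMAC', await hmacKey(secret, 'verify'), signature, enc.encode(signingInput));
}
```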

HS256 weak secret testing (client-side)

The weak secret test runs entirely in a Web Worker to avoid blocking the browser UI:

  • Built-in wordlist: 103,979 JWT secrets from SecLists (scraped from real-world JWT implementations). Fetched from GitHub on demand.
  • Custom wordlist: Upload your own .txt file with candidate secrets (one per line). Large files (100MB+) are processed in chunks to prevent browser freezing.
  • Smart guesses: Generate candidates based on app name, domain, environment variables, and year patterns commonly used in JWT secrets.
  • Performance: Achieves 15,000-25,000 keys/second depending on your device. A 14 million candidate wordlist completes in approximately 7-8 minutes.
  • Safety limits: Wordlists larger than 50,000 candidates require explicit confirmation to prevent accidental browser performance issues.

JWT security checklist

Always use strong signature algorithms

Never use alg: "none". Prefer RSA algorithms (RS256/384/512 or PS256/384/512) over HS256 when asymmetric key management is feasible.

Set appropriate expiration times

Use short-lived access tokens (15 minutes to 1 hour) and longer-lived refresh tokens with rotation.

Include standard claims

Always include iss (issuer), aud (audience), exp (expiration), and iat (issued at) claims.

Never store sensitive data in tokens

Avoid passwords, API keys, credit card numbers, SSN, or other PII in JWT payloads.

Always validate server-side

Verify signatures and validate all claims on the server. Never trust client-side token data.

Use cryptographically strong secrets

For HMAC algorithms, use cryptographically random secrets of at least 256 bits (32 bytes).
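The server-side claim validation the checklist calls for (expiration, not-before, issued-at with a clock-skew allowance, plus issuer and audience pinning), as an added example that is not the SecurityWall tool's code. The 60-second skew and the one-hour maximum access-token lifetime are assumed policy values, not values from the page; the payloads are constructed.

```javascript
// Added example (not the SecurityWall tool's code): validate registered claims
// after the signature has been verified. Thresholds below are assumed policy.
const MAX_SKEW_SECONDS = 60;            // tolerated clock difference between issuer and verifier
const MAX_ACCESS_TOKEN_LIFETIME = 3600; // short-lived access tokens, per the checklist

function checkClaims(payload, { now, issuer, audience }) {
  const t = now ?? Math.floor(Date.now() / 1000);
  const findings = [];
  const isNum = (v) => typeof v === 'number' && Number.isFinite(v);

  if (!isNum(payload.exp)) {
    findings.push('missing exp: token never expires');
  } else if (payload.exp <= t - MAX_SKEW_SECONDS) {
    findings.push('expired');
  } else if (isNum(payload.iat) && payload.exp - payload.iat > MAX_ACCESS_TOKEN_LIFETIME) {
    findings.push('lifetime exceeds policy: long attack window if the token leaks');
  }
  // nbf in the future (beyond skew) means the token is not yet usable.
  if (isNum(payload.nbf) && payload.nbf > t + MAX_SKEW_SECONDS) {
    findings.push('not yet valid: nbf is in the future');
  }
  // iat in the future points at clock skew or a fabricated timestamp.
  if (isNum(payload.iat) && payload.iat > t + MAX_SKEW_SECONDS) {
    findings.push('iat is in the future');
  }
  if (payload.iss !== issuer) findings.push('issuer missing or not the expected issuer');
  // aud may be a single string or an array (RFC 7519); this verifier must be listed.
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(audience)) findings.push('audience missing or does not include this service');

  return { ok: findings.length === 0, findings };
}
```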

Limitations & Disclaimers

  • JWS only: This tool analyzes signed JWTs (JWS). Encrypted JWTs (JWE) are not supported.
  • Algorithm support: HS256, HS384, HS512, RS256, RS384, RS512, PS256, PS384, and PS512 are supported for verification. See the Supported Algorithms section above for details.
  • Browser-dependent: Cryptographic operations use the Web Crypto API, which may behave differently across browsers. Tested on Chrome, Firefox, and Safari.
  • PEM format required: RSA public keys must be in SPKI PEM format. JWK format is not directly supported; convert to PEM first.
  • Security analysis is advisory: Findings are based on common security best practices. Context-specific security decisions should be made by qualified security professionals.
