JWT attack tool
Generate malicious token variants and ready-to-run artifacts. JWTForge never fires requests — you run the output from your own authorized environment.
Pasted tokens stay in your browser (saved to localStorage so it persists across tabs). Nothing is sent anywhere.
Try an example:|