JWT Auditor MCP Server
This project provides an MCP server exposing advanced JWT auditing tools, inspired by JWTAuditor. It is designed for use with Claude Desktop, Cursor, and other MCP-compatible clients.
Features
- JWT Decoder: Decodes JWT header, payload, and signature.
- JWT Analyzer: Detects vulnerabilities (alg=none, weak algs, missing claims, header injection, sensitive data, etc.).
- JWT Secret Bruteforcer: Attempts to brute-force HS256/HS384/HS512 secrets using a wordlist.
- JWT Generator/Editor: Create and sign JWTs (HS* and RS* support).
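The kind of header and payload checks the JWT Analyzer feature describes, as an added example (not code from this project or from JWTAuditor). The required-claim list, the sensitive-name hints, and the names audit_jwt, b64url_json and seg are assumptions made for illustration; the sample token is constructed.

```python
import base64
import json

# Assumed policy for this example; not taken from the project.
REQUIRED_CLAIMS = ("exp", "iat", "iss", "aud")
KEY_HEADERS = ("jku", "x5u", "jwk")  # RFC 7515 parameters that name or embed a key
SENSITIVE_HINTS = ("password", "secret", "ssn")


def b64url_json(segment):
    """Decode one base64url segment (padding restored) and parse it as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_jwt(token):
    """Return a list of findings for a compact JWT. The signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed: expected 3 dot-separated segments"]
    try:
        header, payload = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["malformed: header or payload is not base64url JSON"]
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        return ["malformed: header and payload must be JSON objects"]
    findings = []
    alg = str(header.get("alg", ""))
    if alg.lower() == "none":
        findings.append("alg=none: token is unsigned")
    elif not parts[2]:
        findings.append(f"empty signature with alg={alg}")
    findings += [f"header {h}: key source is token-supplied" for h in KEY_HEADERS if h in header]
    findings += [f"missing claim: {c}" for c in REQUIRED_CLAIMS if c not in payload]
    findings += [f"sensitive-looking claim: {k}" for k in payload
                 if any(hint in k.lower() for hint in SENSITIVE_HINTS)]
    return findings


def seg(obj):
    """Encode a dict as an unpadded base64url segment (used to build samples)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token, built only for this example.
SAMPLE = ".".join([seg({"alg": "none", "typ": "JWT"}),
                   seg({"sub": "alice", "password": "x", "iat": 1700000000}), ""])
```

Calling audit_jwt(SAMPLE) returns one finding per failed check; an empty list means none of these checks fired, not that the token's signature is valid.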
Quickstart
1. Install dependencies (using uv)
    uv pip install -r pyproject.toml
2. Run the MCP server
    uv run server.py
3. Configure Claude Desktop (or Cursor)
Add the following to your Claude Desktop mcpServers.json (or merge into your config):
{
  "mcpServers": {
    "JWT Auditor MCP": {
      "type": "stdio",
      "command": "uv",
      "args": ["run", "server.py"],
      "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
    }
  }
}
- Make sure the cwd path matches your project directory.
- This will launch the server in the correct environment using uv.
4. Example mcp.json for MCP Inspector or other clients
If you want to use the MCP Inspector or another tool that requires an mcp.json config, use:
{
  "mcpServers": {
    "jwt-auditor": {
      "type": "stdio",
      "command": "uv",
      "args": ["run", "server.py"],
      "cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
    }
  }
}
Security
- All JWT operations are performed locally.
- No tokens or secrets are sent to any external service.
Credits
- Inspired by JWTAuditor
- Built with MCP Python SDK