The JWT Auditor MCP Server is a powerful tool that provides advanced JWT (JSON Web Token) auditing capabilities through the Model Context Protocol (MCP). It enables you to decode, analyze, brute-force, and generate JWTs directly within compatible clients like Claude Desktop and Cursor.
Before installing the JWT Auditor MCP Server, ensure you have Python and UV (a Python package manager) installed on your system.
Install the required dependencies using the UV package manager:
uv pip install -r pyproject.toml
Start the MCP server by running:
uv run server.py
To use JWT Auditor with Claude Desktop, you need to add it to your mcpServers.json configuration file:
{
"mcpServers": {
"JWT Auditor MCP": {
"type": "stdio",
"command": "uv",
"args": ["run", "server.py"],
"cwd": "/path/to/your/jwtAuditor-Mcp"
}
}
}
Make sure to replace /path/to/your/jwtAuditor-Mcp with the actual path to where you installed the JWT Auditor MCP server.
If you're using the MCP Inspector or another compatible client, use this configuration in your mcp.json file:
{
"mcpServers": {
"jwt-auditor": {
"type": "stdio",
"command": "uv",
"args": ["run", "server.py"],
"cwd": "/path/to/your/jwtAuditor-Mcp"
}
}
}
Use this feature to decode JWT header, payload, and signature into a human-readable format.
The analyzer helps detect common JWT vulnerabilities including:
Attempts to crack HS256, HS384, and HS512 JWT secrets using a provided wordlist.
Create and sign new JWTs with support for:
All JWT operations are performed locally on your machine. The server doesn't send your tokens or secrets to any external services, ensuring your sensitive data remains secure.
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "JWT-Auditor-MCP" '{"type":"stdio","command":"uv","args":["run","server.py"],"cwd":"/Users/haji/mcp-servers/jwtAuditor-Mcp"}'See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"JWT Auditor MCP": {
"type": "stdio",
"command": "uv",
"args": [
"run",
"server.py"
],
"cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
}
}
}To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.json~/.config/Claude/claude_desktop_config.json2. Add this to your configuration file:
{
"mcpServers": {
"JWT Auditor MCP": {
"type": "stdio",
"command": "uv",
"args": [
"run",
"server.py"
],
"cwd": "/Users/haji/mcp-servers/jwtAuditor-Mcp"
}
}
}3. Restart Claude Desktop for the changes to take effect