Repository navigation
idor
- Website
- Wikipedia
Top disclosed reports from HackerOne
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
A proper approach to pentest a Web application with the mixture of all useful payloads and complete testing guidance of attacks. Designed as a quick reference cheat sheet for your pentesting and bug bounty engagement.
Welcome SecToolkit repository! This is a comprehensive collection of cybersecurity and bug bounty hunting topics. Here, you'll find a variety of resources, notes, and practical projects aimed at enhancing knowledge and skills in identifying and mitigating security vulnerabilities.
✅ Experience the power of an automated Insecure Direct Object Reference (IDOR) vulnerability detection tool. Safeguard your applications with cutting-edge technology that identifies potential security weaknesses in an efficient and streamlined manner.
A sensible no bullshit repo of summaries of reports on hackerone, bugcrowd and alike, that makes straight up sense and make it easy to repeat and automate. This is supposed to serve as my personal reference, but should be a good public index reference for like minded.
Writeups for portswigger labs.
A powerful Python tool for identifying Insecure Direct Object Reference (IDOR) vulnerabilities in Burp Suite traffic exports.
solutions of hack-yourself-first
CIDOR, aka Canvas IDOR, is a fuzzer/downloader/cleaner using common structures used by colleges for document retrieval. Watch the POC video for CIDOR finding previous Stanford University Mid-term Tests/Answers.
Slides and PoCs for my DEF CON 33 & HOU.SEC.CON 2025 talk on overlooked attack surfaces across Apple's ecosystem.
This cheatsheet contains techniques, commands, and tools commonly used during web application penetration tests. It provides quick references to common vulnerabilities, exploitation techniques, and tools used in modern web application attacks.
Capture the Flag (CTF) is a cybersecurity competition that is used as a test of security skills.
An easy ctf - Authentication Bypassing using IDOR vulnerability
get all picture of students in amikom.ac.id
