idor-blast-radius
Official
Quantify IDOR impact with real blast radius
Category: Legal & Compliance
Tags: vulnerability assessment, access control, blast radius, idor, cwe-639, impact projection, authorized testing
Author: vigolium
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
It turns a suspected Insecure Direct Object Reference (IDOR) from a vague bug report into an impact-sized finding by estimating how many other users’ objects the endpoint exposes and which classes of data those objects contain.
Core Features & Use Cases
- Blast-radius sizing: estimates the reachable object count from a bounded sample of IDs rather than a full enumeration, which keeps the probe count small and avoids pulling every other user’s record during the test.
- Data-class and severity mapping: classifies exposed data (PII, credentials, financial, content, or metadata) and distinguishes read-only from write impact, since being able to modify another user’s object is more severe than reading it.
- Finding persistence guidance: structures the report with the impact projection, masked evidence, and a CWE-639 (Authorization Bypass Through User-Controlled Key) linkage so triage and remediation planning stay consistent.
Quick Start
Run the skill on an IDOR candidate endpoint:
- Probe neighbouring IDs using only your own authenticated session.
- Sample 20–50 IDs to estimate what fraction of the ID space is reachable, rather than enumerating all of it.
- Classify the data each reachable object exposes (PII, credentials, financial, content, or metadata) and record whether access is read-only or also write.
- Report one blast-radius sized finding for the pattern, with masked evidence and the CWE-639 reference.
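The sampling, data-class mapping and severity step above, carried out in code as an added worked example (this is not the skill’s own code; the endpoint, the `fetch` callable, the `owner` field, the ID range and the object store are constructed assumptions so the script runs offline):

```python
"""Size the blast radius of an IDOR candidate by sampling IDs near the tester's own.

Added example, not the skill's own code. The endpoint, the `fetch` callable,
the ID space and the object store below are constructed so the script runs
offline; in a real engagement `fetch` would issue requests with the tester's
own authorised session, and the ID range would come from IDs observed in the app.
"""
import re
from dataclasses import dataclass

# Heuristic field-name patterns for the data classes the finding distinguishes.
# Ordered from most to least sensitive; the worst class present drives severity.
DATA_CLASS_PATTERNS = [
    ("credentials", re.compile(r"password|secret|token|api[_-]?key|session", re.I)),
    ("financial", re.compile(r"iban|card|account_number|balance|invoice", re.I)),
    ("pii", re.compile(r"email|phone|address|ssn|dob|full_name", re.I)),
    ("content", re.compile(r"body|message|document|note", re.I)),
]
SEVERITY_RANK = {"credentials": 4, "financial": 4, "pii": 3, "content": 2, "metadata": 1}
SEVERITY_NAME = {0: "none", 1: "low", 2: "medium", 3: "high", 4: "critical"}


def classify(obj):
    """Return the data classes present in a JSON-like dict, recursing into nested dicts."""
    classes = set()
    for key, value in obj.items():
        hit = next((name for name, pat in DATA_CLASS_PATTERNS if pat.search(key)), None)
        if hit:
            classes.add(hit)
        elif isinstance(value, dict):
            classes |= classify(value)
    return classes or {"metadata"}


def mask(value):
    """Keep evidence non-sensitive: first two characters, the rest replaced."""
    s = str(value)
    return s[:2] + "*" * max(len(s) - 2, 0)


@dataclass
class BlastRadius:
    sampled: int          # foreign IDs probed
    reachable: int        # probes that returned another user's object
    reach_rate: float     # reachable / sampled
    projected: int        # reach_rate extrapolated over the whole ID space
    data_classes: set
    severity: str
    evidence: list        # (object id, masked field) pairs, at most three


def estimate_blast_radius(fetch, own_user, own_id, id_space, sample_size=30,
                          window=500, write_confirmed=False):
    """Probe evenly spaced IDs within `window` of `own_id` and size the pattern.

    `fetch(obj_id)` returns (status_code, json_dict_or_None). `id_space` is
    (lowest_id, highest_id). Evenly spaced sampling keeps the probe count
    bounded and the finding reproducible without enumerating every object.
    """
    lo, hi = id_space
    candidates = [i for i in range(max(lo, own_id - window), min(hi, own_id + window) + 1)
                  if i != own_id]
    step = max(1, len(candidates) // max(sample_size, 1))
    sample = candidates[::step][:sample_size]

    reachable, classes, evidence = 0, set(), []
    for obj_id in sample:
        status, body = fetch(obj_id)
        # Only a 200 carrying a *different* owner's object is evidence; 403/404 and
        # the tester's own objects are expected behaviour. The 'owner' field is an
        # assumption about this constructed API.
        if status == 200 and body is not None and body.get("owner") != own_user:
            reachable += 1
            classes |= classify(body)
            if len(evidence) < 3:
                field = next((k for k in body if k not in ("id", "owner")), None)
                if field:
                    evidence.append((obj_id, f"{field}={mask(body[field])}"))

    rate = reachable / len(sample) if sample else 0.0
    level = max((SEVERITY_RANK[c] for c in classes), default=0)
    if level and write_confirmed:
        level = min(level + 1, 4)  # confirmed write access escalates one step
    return BlastRadius(len(sample), reachable, rate, round(rate * (hi - lo + 1)),
                       classes, SEVERITY_NAME[level], evidence)


# Constructed vulnerable endpoint: IDs 1..10000 with no ownership check at all.
# Even IDs belong to 'alice' (the tester), odd IDs to 'bob'.
def vulnerable_fetch(obj_id):
    owner = "alice" if obj_id % 2 == 0 else "bob"
    return 200, {"id": obj_id, "owner": owner, "email": f"{owner}{obj_id}@example.com",
                 "iban": f"GB00TEST{obj_id:08d}"}


if __name__ == "__main__":
    r = estimate_blast_radius(vulnerable_fetch, own_user="alice", own_id=1234,
                              id_space=(1, 10000))
    print(f"sampled={r.sampled} reachable={r.reachable} rate={r.reach_rate:.2f} "
          f"projected~{r.projected} classes={sorted(r.data_classes)} severity={r.severity}")
    for obj_id, item in r.evidence:
        print(f"  id {obj_id}: {item}")
```

The projection is a straight extrapolation of the sampled reach rate over the assumed ID range, so state the range and the sample size in the finding; the masked evidence list stops at three entries so the report proves the pattern without becoming a copy of other users’ data.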
Dependency Matrix
Required Modules: none required
Components: Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: idor-blast-radius Download link: https://github.com/vigolium/vigolium/archive/main.zip#idor-blast-radius Please download this .zip file, extract it, and install it in the .claude/skills/ directory.