offensive-idor
Community
Find and fix insecure object references.
System Documentation
What problem does it solve?
Insecure Direct Object References (IDOR) occur when applications expose internal object references without proper authorization, enabling unauthorized access or modifications. This skill provides a structured methodology to detect, validate, and document IDOR vulnerabilities across web apps, APIs, and mobile backends, helping defenders map ownership checks and prioritize remediation.
Core Features & Use Cases
- Comprehensive IDOR hunting: identify IDs in URLs, bodies, cookies, and headers; test horizontal and vertical access control failures.
- Guided exploitation and verification: replay requests under different sessions, verify ownership, and document impact with evidence.
- Remediation-oriented output: produce clear steps to implement proper authorization and indirect references.
Quick Start
Capture representative requests with IDs using a test account, then replay them under another session to validate ownership checks.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: offensive-idor
Download link: https://github.com/riparino/Claude-Cyber/archive/main.zip#offensive-idor
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.