hunt-idor

Solid

Hunting skill for idor vulnerabilities. Built from 26 public bug bounty reports. Use when hunting idor on any target.

AI & Automation 1,380 stars 195 forks Updated 4 days ago NOASSERTION


Quality Score: 85/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 80
License (10%): 100
Description (5%): 100

Skill Content

## Crown Jewel Targets

**Why IDOR pays big:**

- Direct access to other users' data without authentication bypass — clear, demonstrable impact
- Chains easily with privilege escalation, financial fraud, and account takeover
- Affects virtually every application with user-owned resources

**Highest-value asset types (by payout potential):**

| Asset Type | Why It Pays |
|---|---|
| Financial documents / billing APIs | PII + financial data exposure (Shopify, Uber, PayPal) |
| Private repositories / source code | IP theft, critical data loss (GitHub) |
| User messages / DMs | Privacy violation at scale (Reddit) |
| Account management endpoints | User addition, deletion, privilege escalation (PayPal, Mozilla) |
| Business/org administration | Cross-tenant escalation, employee PII (Uber) |
| Content moderation/admin actions | Operational sabotage (Reddit mod logs) |

**Programs that pay most for IDOR:**

- Platforms with multi-tenancy (SaaS, B2B tools)
- Fintech and payment processors
- Social platforms with private content
- Developer tools with org/repo isolation

---

## Attack Surface Signals

**URL patterns that scream IDOR:**

```
/api/v1/users/{id}/
/api/v*/orders/{order_id}
/invoices/download?id=
/reports/{uuid}/
/messages/{thread_id}
/admin/orgs/{org_id}/members
/migration/{migration_id}/files
/graphql (query params with IDs)
/api/business/{business_id}/
/vouchers/{voucher_id}/policy
```

**Response header signals:**

- `Content-Type: application/json` on endpoints accepting...

Details

Author: elementalsouls
Repository: elementalsouls/Claude-BugHunter
Created: 3 weeks ago
Last Updated: 4 days ago
Language: Python
License: NOASSERTION

Similar Skills

Semantically similar based on skill content — not just same category

API & Backend Solid

hunt-graphql

Hunting skill for graphql vulnerabilities. Built from 12 public bug bounty reports across IDOR via node() / GID, mutation IDOR including AI/LLM features, cross-tenant IDOR, SSRF via argument, batching-DoS, query-cost-bypass, SQLi via argument, broken-object-level-authz, auth-bypass via unscoped mutations, and PII exposure from missing field-level authz. Use when hunting graphql on any target.

1,380 Updated 4 days ago
elementalsouls
AI & Automation Solid

hunt-misc

Hunting skill for misc vulnerabilities. Built from 225 public bug bounty reports. Use when hunting misc on any target.

1,380 Updated 4 days ago
elementalsouls
API & Backend Solid

hunt-oauth

Hunting skill for oauth vulnerabilities. Built from 19 public bug bounty reports. Use when hunting oauth on any target.

1,380 Updated 4 days ago
elementalsouls
API & Backend Solid

hunt-sqli

Hunting skill for sqli vulnerabilities. Built from 12 public bug bounty reports including modern NoSQL injection (Rocket.Chat CVE-2021-22911 MongoDB $regex, Mongoose ORM CVE-2024-53900 $where bypass), modern ORM raw-fragment SQLi (Django CVE-2024-42005, Sequelize GHSA-wrh9-cjv3-2hpw), second-order SOQL injection (HackerOne Salesforce), time-based blind SQLi in GraphQL resolvers, and SQLi on OIDC-proxy backends. Use when hunting SQLi / NoSQLi on any target.

1,380 Updated 4 days ago
elementalsouls
AI & Automation Featured

exploiting-idor-vulnerabilities

Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and URLs.

12,642 Updated today
mukul975