LogoAISecKit
  • Search
  • Collection
  • Category
  • Tag
  • Blog
  • Pricing
  • Submit
LogoAISecKit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

LogoAISecKit

Curated directory of 1700+ AI tools, models, frameworks, MCP servers, and cybersecurity resources

GitHub
Product
  • Search
  • Collection
  • Category
  • Tag
Resources
  • Blog
  • Pricing
  • Submit
Company
  • About Us
  • Privacy Policy
  • Terms of Service
  • Sitemap
Copyright © 2026 All Rights Reserved.
Sponsored Resources
  1. Home
  2. Category
  3. IDOR Scanner
icon of IDOR Scanner

IDOR Scanner

IDOR Scanner is a Burp Suite extension that automates the detection of IDOR vulnerabilities in web applications.

Visit Website
image for IDOR Scanner
Visit Website

Introduction

IDOR Scanner

IDOR Scanner is a Burp Suite extension written in Python that automates the detection and enumeration of potentially vulnerable numeric fields to identify Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. 🚀

Key Features:
  • Detection of Numeric Fields: Identifies numeric fields in various parts of HTTP requests, including URL paths, query parameters, and request bodies.
  • Passive Scanning: Analyzes outgoing HTTP requests and their responses to detect potential vulnerabilities without active interference.
  • Active Scanning: Modifies detected numeric fields and evaluates responses to confirm vulnerabilities.
  • Manual IDOR Scanning: Allows users to selectively test specific issues via the context menu in Burp Suite.
  • Integration with Burp Suite: Simple installation and seamless operation within the Burp Suite environment.
Benefits:
  • Automated Vulnerability Detection: Saves time and effort in identifying IDOR vulnerabilities.
  • User-Friendly Interface: Easy to use with Burp Suite's context menu integration.
  • Comprehensive Analysis: Provides detailed reports on detected issues for further investigation.
Highlights:
  • Written in Python, making it easy to modify and extend.
  • Actively maintained with contributions welcome from the community.
Back

Information

  • Publisher
    AISecKit
  • Websitegithub.com
  • Published date2025/04/28

Categories

  • Penetration Testing
  • Vulnerability Scanners
  • Web Security

Tags

  • Application Security
  • Exploit Development
  • Security Auditing
  • Open Source
  • Vulnerability Scanning

More Products

image of Phantom
DevSecOps ToolsPenetration TestingVulnerability Scanners
Visit Website
icon of Phantom

Phantom

A browser extension for SRC vulnerability mining, collecting sensitive information and suspicious clues from web pages.

Security AuditingOpen SourceIncident ResponseVulnerability ScanningAPI Security+1
E
Penetration TestingSecurity Training PlatformsAI Security Monitoring
Visit Website
icon of Exploiting AI

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt InjectionGenerative AIRed Team TestingData Poisoning
F
Input Validation & FilteringPenetration TestingAI Security Monitoring
Visit Website
icon of Folly

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt InjectionOpen SourceAPI SecuritySecurity TestingLLM Security+1