Apidor on offsec.tools


Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

Apidor builds common payloads for uncovering IDOR vulnerabilities from a definition file, sends them to the corresponding endpoints, and highlights any unexpected responses for further investigation.
The definition file is a YAML file that describes the API to be tested and supplies tokens for a high-privileged and a low-privileged user, along with other metadata.