Apidor

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

Common payloads for uncovering IDOR vulnerabilities are created using a definition file which describes the API to be tested. The payloads are then sent to the corresponding endpoints, and any unexpected responses are highlighted for further investigation.
The definition file is a YAML file that describes the API to be tested and supplies high- and low-privileged user tokens and other metadata.
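
The comparison described above (the same request replayed with a high-privileged and a low-privileged token, with unexpected responses flagged) can be used as an authorization regression test for your own handlers. The sketch below is an added example, not Apidor's code or its definition-file format; the handlers, tokens and object IDs are constructed for illustration.

```python
# Added illustration: in-memory handlers stand in for an API endpoint.
# All names and data here are constructed, not taken from Apidor.

OWNERS = {"1001": "alice", "1002": "bob"}          # object id -> owner
TOKENS = {"tok-high": "alice", "tok-low": "bob"}   # token -> user


def vulnerable_handler(token, object_id):
    """Authenticates the caller but never checks ownership (the IDOR pattern)."""
    if token not in TOKENS:
        return 401
    return 200 if object_id in OWNERS else 404


def hardened_handler(token, object_id):
    """Authenticates, then authorizes against the object's owner."""
    user = TOKENS.get(token)
    if user is None:
        return 401
    if object_id not in OWNERS:
        return 404
    return 200 if OWNERS[object_id] == user else 403


def check_endpoint(handler, object_id, high_token, low_token):
    """Replay one request under different identities and flag unexpected 200s.

    high_token belongs to the owner of object_id; low_token does not.
    """
    findings = []
    baseline = handler(high_token, object_id)
    if baseline != 200:
        # Without a working baseline the comparison is meaningless.
        return [f"baseline request failed with {baseline} on {object_id}"]
    probes = {"low-privileged token": low_token, "no token": None}
    for label, token in probes.items():
        if handler(token, object_id) == 200:
            findings.append(f"{label} got 200 on {object_id}")
    return findings


if __name__ == "__main__":
    for handler in (vulnerable_handler, hardened_handler):
        result = check_endpoint(handler, "1001", "tok-high", "tok-low")
        print(handler.__name__, "->", result or "no findings")
```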