Skip to content

Skelmis/idox

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

.github

.github

 
 

data

data

 
 

docs

docs

 
 

idox

idox

 
 

images

images

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.readthedocs.yaml

.readthedocs.yaml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

main.py

main.py

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

idox - Indirect Data Exploiter

A CLI or embedded tool for easily downloading IDOR'd files from a burp request.

drawing

Example usage

Imagine you have a website that looks like the following:

https://domain.com/images/5/download
https://domain.com/images/6/download

Then you could use the following burp request:

request.txt

GET /images/$INJECT$/download HTTP/1.1
Host: domain.com

To IDOR all images with the id's from 0 to 100 like so

python -m idox --request-file-path request.txt 100

This would create an output directory which stores all the responses from your target site by response content type.

For further usage, see python -m idox --help or the data directory.

Support

Want realtime help? Join the discord here.

License

This project is licensed under the MIT license

Funding

Want a feature added quickly? Want me to help build your software using Alaric?

Sponsor me here

About

IDOR file downloader using HTTP request files

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages