IDOR file downloader using HTTP request files.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Skelmis from gravatar.com Skelmis

Unverified details

These details have not been verified by PyPI
Meta
Classifiers
Report project as malware

Project description

idox - Indirect Data Exploiter

A CLI or embedded tool for easily downloading IDOR'd files from a burp request or raw url.

drawing

This tool will enumerate the provided URL and download all responses under the correct file extension for later analysis.

Example statistics:

drawing

File extension incorrect or missing? Open an issue with an example response and expected behaviour

Example usage

Install

python -m pip install idox

Burp files

Imagine you have a website that looks like the following:

https://domain.com/images/5/download
https://domain.com/images/6/download

Then you could use the following burp request:

request.txt

GET /images/{INJECT}/download HTTP/1.1
Host: domain.com

To IDOR all images with the id's from 0 to 100 like so

python -m idox file --request-file-path request.txt 100

Raw URLS

Given it requires no auth, you can also enumerate all items with the following simpler syntax:

python -m idox url "https://domain.com/images/{INJECT}/download" 100

Non-incrementing numeric ID enumeration

Imagine a site uses a predictable schema, but it's not 1, 2, 3, etc. This package allows you to instead replace the numeric sequencer with a file of id's to use.

We have created a file example_ids.txt which is our case is a list of UUID's we leaked from somewhere else out of scope. In order to use this within the program, all you'd need to do is the following command:

python -m idox url "https://blurp.skelmis.co.nz/{INJECT}" --sequence-file example_ids.txt

N.b. You can also implement the idox.SequenceT interface and provide that to Idox, at which point it'll work fine and you have custom input.

Example output

All of these would create an output directory which stores all the responses from your target site by response content type.

The following image contains an example output structure:

drawing

For further usage, see python -m idox --help or the data directory.

Other stuff

  • Want realtime help? Join the discord here.
  • This project is licensed under the MIT license
  • Consider sponsoring me here

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Skelmis from gravatar.com Skelmis

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

This version

1.5.0

1.4.0

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.0

0.1.1

0.1.0

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

idox-1.5.0.tar.gz (320.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

idox-1.5.0-py3-none-any.whl (10.6 kB view details)

Uploaded Python 3

File details

Details for the file idox-1.5.0.tar.gz.

File metadata

  • Download URL: idox-1.5.0.tar.gz
  • Upload date:
  • Size: 320.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for idox-1.5.0.tar.gz
Algorithm Hash digest
SHA256 0c0c37c8a95da0d07758de49630a16ed3b15eb9fbcded3a0d6d05d376ba27e70
MD5 62ae5751cc5c6ac8d51bec85c6c86d83
BLAKE2b-256 7a7076c758fa67e8c203a34160451c7a58c64c08e43d349eaec89ee29a2d8baf

See more details on using hashes here.

File details

Details for the file idox-1.5.0-py3-none-any.whl.

File metadata

  • Download URL: idox-1.5.0-py3-none-any.whl
  • Upload date:
  • Size: 10.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for idox-1.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8e6837d80b918e2da86f21f484ec5d89c021f472dd591fb80aaccfd7e497d644
MD5 4c58867a8ddd19bd523c6b09e88a0c06
BLAKE2b-256 fc73f8e7356b7d026da7e7e50e254b21e2f9844be90eb7d5a39113ae149c7c93

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page