IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
Updated Sep 25, 2025 - Python
✅ Experience the power of an automated Insecure Direct Object Reference (IDOR) vulnerability detection tool. Safeguard your applications with cutting-edge technology that identifies potential security weaknesses in an efficient and streamlined manner.
This repo contains different variants of Bug Bounty & Security & Pentest & Tech related Articles
Simplify penetration testing by generating realistic wordlists as needed (e.g., API keys, UUIDs, tokens, OrderId, transaction IDs, invoices, coupon codes) for brute-force and IDOR testing.
Capture The Flag
A modern, animated cybersecurity learning game built with React + Vite. Learn SQLi, XSS, and IDOR with real attack simulations.
Hands-on CTF-style Broken Access Control lab for Node/Express, covering IDOR, vertical privilege escalation, JWT abuse, batch authorization bypass, and multi-tenant isolation.
Advanced automated IDOR testing tool with UUID fuzzing, JWT analysis, GraphQL support, POST request fuzzing, and smart ID parameter discovery.
Immerse yourself in a practical hacking exercise to gain valuable experience with prevalent security exploits. Explore six key vulnerabilities, including SQL injection, session hijacking, username enumeration, IDOR, XSS, and CSRF, for a comprehensive cybersecurity learning experience.
A beta test for a multi target attack with a multi payload type.
This repository details an IDOR vulnerability in AbsysNet 2.3.1, which allows a remote attacker to brute-force session IDs via the /cgi-bin/ocap/ endpoint. Successful exploitation can compromise active user sessions, exposing authentication tokens in HTML. The attack is limited to active sessions and is terminated if the user logs out.
🎮 Master web security vulnerabilities through interactive levels and real attack simulations with the OGT Cybersecurity Learning Game.
AI hybrid red teaming lab demonstrating how traditional web vulnerabilities (IDOR) can be chained with LLM behavior to expose sensitive data in modern applications.
🎓 Complete IDOR (Insecure Direct Object Reference) Guide: Beginner → Advanced
cyber security lab exam
Achieve the concept of security of web coding through this project.
Labs from the Hacktify Cybersecurity (HCS) - Penetration Testing Internship 2025
Simulate API attack patterns (BOLA, credential stuffing, shadow APIs, rate spikes) against your own dev/staging endpoints to verify your defenses.
Offline Flask web security lab with 10 access control vulnerability challenges. Runs in Termux. Inspired by PortSwigger