Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/skelmis/idox

IDOR file downloader using HTTP request files
https://github.com/skelmis/idox

Last synced: 3 months ago
JSON representation

IDOR file downloader using HTTP request files

Host: GitHub
URL: https://github.com/skelmis/idox
Owner: Skelmis
License: mit
Created: 2024-02-05T11:41:48.000Z (11 months ago)
Default Branch: master
Last Pushed: 2024-05-29T05:11:13.000Z (8 months ago)
Last Synced: 2024-05-29T17:58:05.337Z (8 months ago)
Language: Python
Homepage:
Size: 261 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 3
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

# idox - Indirect Data Exploiter

**A CLI or embedded tool for easily downloading IDOR'd files from a burp request or raw url.**

drawing

---

This tool will enumerate the provided URL and download all responses under the correct file extension for later analysis.

Example statistics:

drawing

*File extension incorrect or missing? Open an issue with an example response and expected behaviour*

### Example usage

#### Install

```shell
python -m pip install idox
```

#### Burp files

Imagine you have a website that looks like the following:

```text
https://domain.com/images/5/download
https://domain.com/images/6/download
```

Then you could use the following burp request:

`request.txt`
```text
GET /images/{INJECT}/download HTTP/1.1
Host: domain.com

```

To IDOR all images with the id's from `0` to `100` like so

```shell
python -m idox file --request-file-path request.txt 100
```

#### Raw URLS

Given it requires no auth, you can also enumerate all items with the following simpler syntax:

```shell
python -m idox url "https://domain.com/images/{INJECT}/download" 100
```

#### Non-incrementing numeric ID enumeration

Imagine a site uses a predictable schema, but it's not `1`, `2`, `3`, etc. This package allows you to instead replace the numeric sequencer with a file of id's to use.

We have created a file [example_ids.txt](example_ids.txt) which is our case is a list of UUID's we leaked from somewhere else out of scope. In order to use this within the program, all you'd need to do is the following command:
```shell
python -m idox url "https://blurp.skelmis.co.nz/{INJECT}" --sequence-file example_ids.txt
```

### Example output

All of these would create an `output` directory which stores all the responses from your target site by response content type.

The following image contains an example output structure:

drawing

For further usage, see `python -m idox --help` or the `data` directory.

---

#### Other stuff

- Want realtime help? Join the discord [here](https://discord.gg/BqPNSH2jPg).
- This project is licensed under the MIT license
- Consider sponsoring me [here](https://github.com/sponsors/Skelmis)