
Releases: errorfiathck/IDOR-Forge

IDOR-Forge-V1.5.2

16 May 20:03
5be6c55

🚀 What's new in this update?

This update fixes a number of bugs and adds the following switch, which lets you test numbers in a chosen range as payloads in your scans:

  • --num-range: Range of numbers to test as payloads, format: start-end (e.g., 1-100)

IDOR-Forge V1.5.1

06 Apr 17:45
ab2297b

🚀 What's new in this update?

In this update, the following sections were added to the GUI mode:

  • Multi-Threaded Scanning Option
  • Proxy Settings


IDOR-Forge V-1.5

13 Mar 18:20
e24be43

🚀 What's new in this update?

In this update, the following sections were added to the tool:

  • Multi-Threaded Scanning
  • Automating Login


IDOR-Forge-V1.4

27 Feb 18:21
20209aa

🚀 What's new in this update?

This release changes the GUI, which you can choose to use when running the project. The most important change in this version is the Reporting and Visualization feature, enabled with the -Rv switch.

IDOR-Forge V-1.3.1

23 Feb 18:35
b10e09d

🚀 What's new in this update?

All changes in this version are to the interactive file. The structure of the GUI mode has been changed fundamentally, with the following changes:

  1. All code was rewritten using PyQt5 and its bugs were fixed.
  2. A header section (File, View, Edit, Help) was added to the GUI environment.


IDOR-Forge V-1.3

20 Feb 12:29
dc80986

🚀 What's new in this update?

1. Multi-Threading & Performance Optimization

✅ Concurrent Scanning :

  • Utilizes concurrent.futures.ThreadPoolExecutor for concurrent scanning of payloads, improving performance significantly.
  • Configurable number of threads via the max_workers parameter.

✅ Exponential Backoff :

  • Implements exponential backoff for retrying failed requests due to rate limiting or network issues.

✅ Thread-Safe Operations :

  • Ensures thread-safe access to shared resources like payload_history using Python's Lock.

2. Rate-Limiting Detection

✅ Automatic Adjustment :

  • Detects rate limiting based on response status codes (429 Too Many Requests) and headers (Retry-After).
  • Adjusts the delay between requests dynamically to avoid triggering rate limits.
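The rate-limit handling described above (429 status, Retry-After header, exponential backoff, a Lock around shared state) can be sketched as follows. This is an added example, not IDOR-Forge's own code: `parse_retry_after`, `SharedDelay` and `replay` are hypothetical names, the base and cap values are assumptions, and the responses are constructed so it runs offline.

```python
import threading
from concurrent.futures import ThreadPoolExecutor
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_retry_after(value, now=None):
    """Seconds to wait per a Retry-After header (delta-seconds or HTTP-date)."""
    value = (value or "").strip()
    if value.isascii() and value.isdigit():
        return float(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None  # missing or malformed: caller falls back to backoff
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return max(0.0, (when - now).total_seconds())


class SharedDelay:
    """Inter-request delay shared by all worker threads."""

    def __init__(self, base=0.5, cap=60.0):  # assumed values
        self.base, self.cap, self.delay = base, cap, base
        self.history = []  # stands in for shared state such as payload_history
        self._lock = threading.Lock()

    def record(self, status, retry_after=None):
        with self._lock:  # one thread at a time updates shared state
            self.history.append(status)
            if status == 429:
                hinted = parse_retry_after(retry_after)
                # Honor the server's hint; otherwise double (exponential backoff).
                wanted = hinted if hinted is not None else self.delay * 2
            else:
                wanted = self.delay / 2  # ease back toward base after success
            self.delay = min(self.cap, max(self.base, wanted))
            return self.delay


def replay(responses, max_workers=4):
    """Feed constructed (status, Retry-After) pairs through a thread pool."""
    shared = SharedDelay()
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        list(pool.map(lambda r: shared.record(*r), responses))
    return shared
```

Both Retry-After forms are handled because a server may send either a number of seconds or an HTTP-date; the cap keeps an oversized hint from stalling the workers indefinitely.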

IDOR-Forge v1.2

20 Feb 09:16
f14eae2

In this version, significant changes have been made to the GUI environment.

Interactive GUI :

  • Allows users to input target URLs, test values, and select payload types (SQL, XSS, XML) interactively.
  • Displays real-time scan results in the GUI's text area.

Progress Tracking :

  • Implements a progress bar to indicate the progress of the scan.

Stop Scan Feature :

  • Provides a "Stop Scan" button to allow users to terminate the scan manually.


IDOR-Forge v1.1

06 Feb 11:24
24439f7

🚀 New Release: [Version 1.1] – Enhanced Payload Handling & Security Testing

🔥 What's New?
This release brings powerful updates to improve the effectiveness of security testing, including:

  • Expanded SQL Injection, XSS and XML Payloads – Now uses extended payload sets from sql.txt, xss.txt and xml.txt, enhancing detection capabilities.
  • More XSS, XML & Other Payloads – Added new attack vectors to cover a wider range of vulnerabilities.
  • Improved Payload Handling – Enhanced script efficiency for processing and testing payloads dynamically.
  • Optimized Detection Logic – Fine-tuned mechanisms for identifying and logging potential threats.

IDOR-Forge v1.0

28 Jan 16:51
879a8db

IDOR-Forge v1.0 is a powerful and efficient tool designed to help security researchers and penetration testers identify Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. This release offers a fully automated approach to testing URL parameters for IDOR flaws, enabling quick detection of unauthorized access to sensitive resources.

Key Features:

  • Automated IDOR Detection: Test URL parameters for potential IDOR vulnerabilities using a range of dynamic payloads.
  • Multiple Payloads: Includes advanced attack vectors like random strings, UUIDs, SQL injection, XSS, and more.
  • Sensitive Data Detection: Automatically flags responses containing sensitive information such as passwords, tokens, and credit card numbers.
  • Rate Limiting Handling: Detects and adapts to rate limiting mechanisms with automatic backoff strategies.
  • Customizable: Configurable headers, proxies, and sensitive keyword lists for tailored scans.
  • Interactive GUI: A Tkinter-based graphical interface for users who prefer a more intuitive, non-command-line experience.
  • Flexible Output Formats: Results can be saved in TXT, CSV, or JSON formats for easy analysis and reporting.

This release marks the first stable version of IDOR-Forge, providing a comprehensive solution for web security testing related to IDOR vulnerabilities.