Test for Insecure Direct Object Reference vulnerabilities
Read shared state in this order before testing:

1. notes/summary.md
2. notes/observations.md
3. checklist.md (IDOR items only)
4. todo.md (IDOR items only)

Use `agents/bypass_harness.py` in `--type idor` mode for first-pass ID swapping and header-trick coverage. Expand manually for multi-step workflows, write actions, and role-bound objects once you identify a promising reference.

```bash
python agents/bypass_harness.py --target https://target.com/api/v1/orders/123 \
  --type idor --program target --concurrency 5 --rps 2
```

| Mode | Use When | What It Tests |
|---|---|---|
| horizontal-read | One user can see another user's object | Read access control on object fetches |
| horizontal-write | Mutable resources exist | Update or delete authorization on peer objects |
| vertical | Admin or privileged resources are exposed via IDs | Role boundary enforcement |
| workflow | IDs appear across multi-step flows | Ownership checks at each transition |
# Path-based ID swapping
npx skills add ghostonbutterbread/bug-bounty-harness --skill idor

How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
Clear and well structured, with only minor parts that might need a second read.
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
Highly actionable with clear, concrete steps that an agent can follow directly.