idor
Pipeline-based offensive security scanner: recon and web vuln testing (XSS/SQLi/IDOR/BAC), every finding double-confirmed. Python, no core deps.
Offline SAST that detects IDOR, missing authentication, and ownership bypass. OWASP recall 62%, CVE recall 96.3% across 5 languages. Beats Semgrep OSS on recall.
mitmproxy-based IDOR detection tool - intercepts traffic and analyzes parameter relationships to find insecure direct object references
SDK for building GloomProxy scanner plugins