def __init__(self, base_url, delay=1): self.base_url = base_url self.session = requests.Session() self.session.headers.update( 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36' ) self.delay = delay self.vulnerabilities = [] self.products = []
def test_idor(self, url, param='id'): """Test for Insecure Direct Object References""" current_id = self._get_param_value(url, param) if not current_id or not current_id.isdigit(): return # Test adjacent IDs for offset in [1, -1, 2, -2]: test_id = str(int(current_id) + offset) test_url = url.replace(f"param=current_id", f"param=test_id") try: response = self.session.get(test_url, timeout=5) # If response is similar but different content, potential IDOR if response.status_code == 200 and "login" not in response.url.lower(): soup = BeautifulSoup(response.text, 'html.parser') title_tag = soup.find('title') if title_tag and '404' not in title_tag.text.lower(): self._report_vulnerability(f'Potential IDOR (ID: test_id)', test_url) except Exception as e: print(f" [!] IDOR test failed: e")
# Crawl IDs from 1 to 50 valid_pages = auditor.crawl_ids(target_url, start=1, end=50) inurl index php id 1 shop
This pattern typically indicates a website with a numeric id parameter in the URL (e.g., product pages, category listings). A powerful feature to build is a for security auditing and content aggregation. Feature Name: Smart Parameter Fuzzer & Security Auditor Core Functionality This tool automates testing for common web vulnerabilities (SQLi, XSS, IDOR) on URLs matching the index.php?id=X shop pattern, while also extracting product data. Python Script Implementation import requests from bs4 import BeautifulSoup from urllib.parse import urljoin, parse_qs, urlparse import time import sys class SmartShopAuditor: """ Automated security & data extraction tool for shop URLs Pattern: inurl:index.php?id=123 shop """
def _extract_price(self, soup): price_patterns = ['price', 'product-price', 'sale-price', 'amount'] for pattern in price_patterns: elem = soup.find(class_=pattern) or soup.find(id=pattern) if elem: return elem.get_text(strip=True) return "N/A" def __init__(self, base_url, delay=1): self
# Generate final report print(auditor.generate_report())
def generate_report(self): """Generate a comprehensive security & data report""" report = f""" '='*60 SHOP AUDITOR REPORT '='*60 VULNERABILITIES FOUND: len(self.vulnerabilities) """ for vuln in self.vulnerabilities: report += f"\n • vuln['type']\n URL: vuln['url']\n" report += f"\n\nPRODUCTS EXTRACTED: len(self.products)\n" for product in self.products[:10]: # Show first 10 report += f"\n • product['title']\n Price: product['price']\n URL: product['url']\n" report += f"\n'='*60\n" return report Python Script Implementation import requests from bs4 import
def _report_vulnerability(self, vuln_type, url): self.vulnerabilities.append('type': vuln_type, 'url': url) print(f"[⚠] VULNERABILITY: vuln_type at url") if name == " main ": # Example URL pattern from search target_url = "http://test-shop.com/index.php?id=1"