hunt-idor (Claude-BugHunter)
IDOR-hunting skill distilled from 26 public bug-bounty reports.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for hunt-idor (Claude-BugHunter), derived from its capabilities.
AIVSS 7.6 · High
Overview
A focused offensive skill for finding Insecure Direct Object Reference (IDOR) vulnerabilities, built from 26 disclosed HackerOne/GitHub reports with 'crown jewel' target patterns. Surface: guides authenticated request tampering and object-id enumeration against live web targets.
Key features
- Built from 26 real disclosed reports
- Crown-jewel target patterns
- Part of the Claude-BugHunter hunting suite
Use cases
- Hunt IDOR on an authorized target
- Enumerate object-reference access-control gaps