CorsMe : Cross Origin Resource Sharing MisConfiguration Scanner

A CorsMe misconfiguration scanner tool based on golang with speed and precision in mind !

Misconfiguration type this scanner can check for

How to Install?

$ go get -u


  • Single Url

echo “” | ./CorsMe

  • Multiple Url

cat http_https.txt | ./CorsMe -t 70

  • Allow wildcard .. Now if Access-Control-Allow-Origin is * it will be printed

cat http_https.txt | ./CorsMe -t 70 –wildcard

  • Add header if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header “Cookie: Session=12cbcx….”

  • Tip

cat subdomains.txt | ./httprobe -c 70 -p 8080,8081,8089 | tee http_https.txt cat http_http

s.txt | ./CorsMe -t 70


  • Scanner stores the error results as “error_requests.txt”… which contains hosts which cannot be requested