CorsMe : Cross Origin Resource Sharing MisConfiguration Scanner

A CorsMe misconfiguration scanner tool based on golang with speed and precision in mind !

Misconfiguration type this scanner can check for

How to Install?

$ go get -u github.com/shivangx01b/CorsMe

Usage

  • Single Url

echo “https://example.com” | ./CorsMe

  • Multiple Url

cat http_https.txt | ./CorsMe -t 70

  • Allow wildcard .. Now if Access-Control-Allow-Origin is * it will be printed

cat http_https.txt | ./CorsMe -t 70 –wildcard

  • Add header if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header “Cookie: Session=12cbcx….”

  • Tip

cat subdomains.txt | ./httprobe -c 70 -p 8080,8081,8089 | tee http_https.txt cat http_http

s.txt | ./CorsMe -t 70

Note

  • Scanner stores the error results as “error_requests.txt”… which contains hosts which cannot be requested
Download
R K

Share
Published by
R K
Tags: CorsMeScanner
5 years ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

1 day ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

1 day ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

1 day ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

1 day ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago