Corsy is a lightweight program that scans for all known mis-configurations in CORS implementations.
Requirements
It only works with Python 3
and has the following depencies:
tld
requests
To install these dependencies, navigate to the tool directory and execute pip3 install -r requirements.txt
Also Read – Glances : Top/htop Alternative For GNU/Linux, BSD, Mac OS & Windows OS
Using Corsy is pretty simple
python3 corsy.py -u https://example.com
A delay between consecutive requests can be specified with -d
option.
Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.
- Pre-domain bypass
- Post-domain bypass
- Backtick bypass
- Null origin bypass
- Unescaped dot bypass
- Invalid value
- Wild card value
- Origin reflection test
- Third party allowance test
- HTTP allowance test