Corsy : CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known mis-configurations in CORS implementations.

Requirements

It only works with Python 3 and has the following depencies:

  • tld
  • requests

To install these dependencies, navigate to the tool directory and execute pip3 install -r requirements.txt

Also Read – Glances : Top/htop Alternative For GNU/Linux, BSD, Mac OS & Windows OS

Usage

Using Corsy is pretty simple

python3 corsy.py -u https://example.com

A delay between consecutive requests can be specified with -d option.

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests Implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test
Download
R K

Share
Published by
R K
Tags: CORSCorsyScanner
6 years ago

Recent Posts

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

1 week ago

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

2 weeks ago

The Evolution of Online Finance Tools In a Tech-Driven World

In an era defined by technological innovation, the way people handle and understand money has…

2 weeks ago

A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities

The online world becomes more visually driven with every passing year. Images spread across websites,…

2 weeks ago

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

2 months ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 months ago