Corsy : CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known mis-configurations in CORS implementations.

Requirements

It only works with Python 3 and has the following depencies:

• tld
• requests

To install these dependencies, navigate to the tool directory and execute pip3 install -r requirements.txt

Also Read – Glances : Top/htop Alternative For GNU/Linux, BSD, Mac OS & Windows OS

Usage

Using Corsy is pretty simple

python3 corsy.py -u https://example.com

A delay between consecutive requests can be specified with -d option.

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests Implemented

• Pre-domain bypass
• Post-domain bypass
• Backtick bypass
• Null origin bypass
• Unescaped dot bypass
• Invalid value
• Wild card value
• Origin reflection test
• Third party allowance test
• HTTP allowance test