Corsy : CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Requirements

It only works with Python 3 and has the following dependencies:

  • tld
  • requests

To install these dependencies, navigate to the tool directory and execute pip3 install -r requirements.txt

Usage

Using it is pretty simple

python3 corsy.py -u https://example.com

Scan URLs from a file

python3 corsy.py -i /path/urls.txt

Number of threads

python3 corsy.py -u https://example.com -t 20

Also Read – AntiCheat : Framework To Test Any Anti-Cheat

Delay between requests

python3 corsy.py -u https://example.com -d 2

Export results to JSON

python3 corsy.py -i /path/urls.txt -o /path/output.json

Custom HTTP headers

python3 corsy.py -u https://example.com –headers “User-Agent: GoogleBot\nCookie: SESSION=Hacked”

Skip printing tips

-q can be used to skip printing of description, severity, exploitation fields in the output.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test
R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

7 days ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

7 days ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

7 days ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago