Corsy V1.0 - CORS Misconfiguration Scanner
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.
Requirements
Corsy only works with
Python 3
and has the following depencies:tld
requests
pip3 install -r requirements.txt
Usage
Using Corsy is pretty simple
python3 corsy.py -u https://example.com
Scan URLs from a file
python3 corsy.py -i /path/urls.txt
Number of threads
python3 corsy.py -u https://example.com -t 20
Delay between requests
python3 corsy.py -u https://example.com -d 2
Export results to JSON
python3 corsy.py -i /path/urls.txt -o /path/output.json
Custom HTTP headers
python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"
Skip printing tips
-q
can be used to skip printing of description
, severity
, exploitation
fields in the output.Tests implemented
- Pre-domain bypass
- Post-domain bypass
- Backtick bypass
- Null origin bypass
- Unescaped dot bypass
- Invalid value
- Wild card value
- Origin reflection test
- Third party allowance test
- HTTP allowance test
Source: feedproxy.google.com
Corsy V1.0 - CORS Misconfiguration Scanner
Reviewed by Anonymous
on
3:41 AM
Rating:
![Corsy V1.0 - CORS Misconfiguration Scanner](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgn9XN7ATw3BogHTINAWjMnlv3BOz85ps9YbIIR_HVEN8w6kG4FxXxsjtCGY4LhDi9uCuSrqg339zjNZ86aneupY6NZbvsV0PzbF_l_XeXXnMICTsR1D7kXOE3bkG0e1Z288X4fAL9-sWRq/s72-c/Corsy_4.png)