Skip to content
CORS Misconfiguration Scanner
Branch: master
Clone or download
s0md3v Merge pull request #8 from afranche/master
Correct typos in errors details messages
Latest commit d1da167 Nov 28, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
core should resolve #7 Nov 27, 2019
db Update details.json Nov 28, 2019 changelog for 0.2-beta Nov 25, 2019
LICENSE Initial commit Nov 24, 2019 updated donation link Nov 27, 2019 bumped version Nov 25, 2019
requirements.txt Create requirements.txt Nov 24, 2019


CORS Misconfiguration Scanner


Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.



Corsy only works with Python 3 and has the following depencies:

  • tld
  • requests

To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt


Using Corsy is pretty simple

python3 -u

A delay between consecutive requests can be specified with -d option.

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Support the developer

Liked the project? Donate a few bucks to motivate me to keep writing code for free.


You can’t perform that action at this time.