CORS Misconfiguration Scanner
s0md3v Merge pull request #8 from afranche/master
Correct typos in errors details messages
Latest commit d1da167 Nov 28, 2019
Type Name Latest commit message Commit time
core should resolve #7 Nov 27, 2019
db Update details.json Nov 28, 2019
CHANGELOG.md changelog for 0.2-beta Nov 25, 2019
LICENSE Initial commit Nov 24, 2019
README.md updated donation link Nov 27, 2019
corsy.py bumped version Nov 25, 2019
requirements.txt Create requirements.txt Nov 24, 2019

README.md


Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.


Requirements

Corsy only works with Python 3 and has the following dependencies:

  • tld
  • requests

To install these dependencies, navigate to the Corsy directory and execute pip3 install -r requirements.txt

Usage

Using Corsy is pretty simple:

python3 corsy.py -u https://example.com

A delay between consecutive requests can be specified with the -d option.

Note: This is a beta version; features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test
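
An added example, not part of Corsy's code: common server-side origin validation mistakes that several of the listed tests correspond to, run against the same probes as a strict exact-match allowlist. The mapping from test names to probe origins is an assumption based on the names alone, and the allowlist and every origin are constructed values. The wild card and invalid value tests concern the header value itself and are not modelled here.

```python
import re
from urllib.parse import urlsplit

# Assumption: the application trusts exactly these origins (constructed values).
ALLOWED_ORIGINS = {"https://example.com", "https://app.example.com"}

# Weak validators of the kind the listed tests are meant to catch.
WEAK_CHECKS = {
    "suffix match": lambda o: o.endswith("example.com"),
    "prefix match": lambda o: o.startswith("https://example.com"),
    "unescaped dot regex":
        lambda o: re.match(r"^https://app.example\.com$", o) is not None,
    "reflect anything": lambda o: True,
}

def strict_allow(origin):
    """Return the value for Access-Control-Allow-Origin, or None to omit it."""
    if origin not in ALLOWED_ORIGINS:  # exact, case-sensitive string match
        return None
    parts = urlsplit(origin)
    # Defence in depth against a sloppy allowlist entry: https only, bare origin.
    if parts.scheme != "https" or parts.path or parts.query or "@" in parts.netloc:
        return None
    return origin

# Constructed probe origins, keyed by test name (the mapping is an assumption).
PROBES = {
    "Pre-domain bypass": "https://notexample.com",
    "Post-domain bypass": "https://example.com.attacker.test",
    "Backtick bypass": "https://example.com`.attacker.test",
    "Null origin bypass": "null",
    "Unescaped dot bypass": "https://appxexample.com",
    "Third party allowance test": "https://thirdparty.test",
    "HTTP allowance test": "http://example.com",
}

def audit(check):
    """Names of the probes that a validator wrongly accepts."""
    return sorted(name for name, origin in PROBES.items() if check(origin))

def report():
    """Map each validator to the probes it accepts."""
    out = {name: audit(fn) for name, fn in WEAK_CHECKS.items()}
    out["strict allowlist"] = audit(lambda o: strict_allow(o) is not None)
    return out

if __name__ == "__main__":
    for validator, accepted in report().items():
        print(f"{validator:22} accepts: {accepted or 'nothing'}")
```

When no origin is returned, the server should omit Access-Control-Allow-Origin entirely; when one is echoed, it should also send Vary: Origin so caches do not serve one origin's response to another.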

Support the developer

Liked the project? Donate a few bucks to motivate me to keep writing code for free.
