Skip to content

shaunstanislauslau/Corsy

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

core

core

 
 

db

db

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

corsy.py

corsy.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation


Corsy
Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

demo

Requirements

Corsy only works with Python 3 and has the following depencies:

  • tld
  • requests

To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt

Usage

Using Corsy is pretty simple

python3 corsy.py -u https://example.com

A delay between consecutive requests can be specified with -d option.

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Support the developer

Liked the project? Donate a few bucks to motivate me to keep writing code for free.

Donate

About

CORS Misconfiguration Scanner

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Python 100.0%