Awesome Open Source
Awesome Open Source


Corsy
Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

demo

Requirements

Corsy only works with Python 3 and has just one dependency:

  • requests

To install this dependency, navigate to Corsy directory and execute pip3 install requests

Usage

Using Corsy is pretty simple

python3 corsy.py -u https://example.com

Scan URLs from a file

python3 corsy.py -i /path/urls.txt

Scan URLs from stdin

cat urls.txt | python3 corsy.py

Number of threads

python3 corsy.py -u https://example.com -t 20

Delay between requests

python3 corsy.py -u https://example.com -d 2

Export results to JSON

python3 corsy.py -i /path/urls.txt -o /path/output.json

Custom HTTP headers

python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"

Skip printing tips

-q can be used to skip printing of description, severity, exploitation fields in the output.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Underscore bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test


Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (821,670
Scanner (13,965
Origin (4,573
Cors (2,973
Printing (2,625
Bypass (2,013
Vulnerability Scanners (528
Cors Scanner (5