Awesome Open Source
Awesome Open Source


CORS Misconfiguration Scanner


Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.



Corsy only works with Python 3 and has just one dependency:

  • requests

To install this dependency, navigate to Corsy directory and execute pip3 install requests


Using Corsy is pretty simple

python3 -u

Scan URLs from a file

python3 -i /path/urls.txt

Scan URLs from stdin

cat urls.txt | python3

Number of threads

python3 -u -t 20

Delay between requests

python3 -u -d 2

Export results to JSON

python3 -i /path/urls.txt -o /path/output.json

Custom HTTP headers

python3 -u --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"

Skip printing tips

-q can be used to skip printing of description, severity, exploitation fields in the output.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Underscore bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (821,670
Scanner (13,965
Origin (4,573
Cors (2,973
Printing (2,625
Bypass (2,013
Vulnerability Scanners (528
Cors Scanner (5