Converted Tab to Spaces

core/requester.py

@@ -1,12 +1,19 @@
 import urllib3
 import requests
+from core.colors import bad
 
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
+# Added better error handling.
+# Added verbose options.
 
 def requester(url, scheme, headers, origin):
     headers['Origin'] = scheme + origin
-    response = requests.get(url, headers=headers, verify=False).headers
+    try:
-    for key, value in response.items():
+        response = requests.get(url, headers=headers, verify=False).headers
-        if key.lower() == 'access-control-allow-origin':
+        for key, value in response.items():
-            return response
+            if key.lower() == 'access-control-allow-origin':
+                return response
+    except requests.exceptions.RequestException as e:
+        if 'Failed to establish a new connection' in str(e):
+            print ( ' ' + bad + ' ' + url + ' seems to be down')

core/utils.py

@@ -2,6 +2,7 @@ import os
 import tld
 import json
 import tempfile
+import re
 
 
 def host(string):
@@ -34,6 +35,15 @@ def create_url_list(target_url, inp_file):
         urls.append(target_url)
     return urls
 
+def create_stdin_list(target_url, inp_file):
+    urls = []
+    if inp_file:
+        for line in inp_file.readlines():
+            if line.startswith(('http://', 'https://')):
+                urls.append(line.rstrip('\n'))
+    if target_url and target_url.startswith(('http://', 'https://')):
+        urls.append(target_url)
+    return urls
 
 def prompt(default=None):
     editor = 'nano'

corsy.py

@@ -6,21 +6,21 @@ import json
 import argparse
 
 from core.tests import active_tests
-from core.utils import host, prompt, format_result, create_url_list, create_stdin_list
+from core.utils import host, prompt, format_result, create_url_list, create_stdin_list, extractHeaders
 from core.colors import bad, end, red, run, good, grey, green, white, yellow
 
 
 print('''
-	%sＣＯＲＳＹ  %s{%sv1.0-beta%s}%s
+    %sＣＯＲＳＹ  %s{%sv1.0-beta%s}%s
 ''' % (green, white, grey, white, end))
 
 
 try:
-	import concurrent.futures
+    import concurrent.futures
-	from urllib.parse import urlparse
+    from urllib.parse import urlparse
 except ImportError:
-	print(' %s corsy needs Python > 3.4 to run.' % bad)
+    print(' %s corsy needs Python > 3.4 to run.' % bad)
-	quit()
+    quit()
 
 parser = argparse.ArgumentParser()
 parser.add_argument('-u', help='target url', dest='target')
@@ -43,65 +43,65 @@ header_dict = args.header_dict
 verbose = args.verbose
 
 if verbose:
-	print ('verbos is enabled')
+    print ('verbos is enabled')
 
 if type(header_dict) == bool:
-	header_dict = extractHeaders(prompt())
+    header_dict = extractHeaders(prompt())
 elif type(header_dict) == str:
-	header_dict = extractHeaders(header_dict)
+    header_dict = extractHeaders(header_dict)
 else:
-	header_dict = {
+    header_dict = {
-		'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0',
+        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0',
-		'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
-		'Accept-Language': 'en-US,en;q=0.5',
+        'Accept-Language': 'en-US,en;q=0.5',
-		'Accept-Encoding': 'gzip',
+        'Accept-Encoding': 'gzip',
-		'DNT': '1',
+        'DNT': '1',
-		'Connection': 'close',
+        'Connection': 'close',
-	}
+    }
 
 
 # PIPE output from other tools such as httprobe etc
 if ( sys.stdin.isatty()):
-	urls = create_url_list(target, inp_file)
+    urls = create_url_list(target, inp_file)
 else:
-	urls = create_stdin_list(target, sys.stdin)
+    urls = create_stdin_list(target, sys.stdin)
 
 
 def cors(target, header_dict, delay):
-	url = target
+    url = target
-	root = host(url)
+    root = host(url)
-	parsed = urlparse(url)
+    parsed = urlparse(url)
-	netloc = parsed.netloc
+    netloc = parsed.netloc
-	scheme = parsed.scheme
+    scheme = parsed.scheme
-	url = scheme + '://' + netloc + parsed.path
+    url = scheme + '://' + netloc + parsed.path
-	return active_tests(url, root, scheme, header_dict, delay)
+    return active_tests(url, root, scheme, header_dict, delay)
 
 
 if urls:
-	if len(urls) > 1:
+    if len(urls) > 1:
-		print(' %s Estimated scan time: %i secs' % (run, round(len(urls) * 1.75)))
+        print(' %s Estimated scan time: %i secs' % (run, round(len(urls) * 1.75)))
-	results = []
+    results = []
-	threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threads)
+    threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threads)
-	futures = (threadpool.submit(cors, url, header_dict, delay) for url in urls)
+    futures = (threadpool.submit(cors, url, header_dict, delay) for url in urls)
-	for each in concurrent.futures.as_completed(futures):
+    for each in concurrent.futures.as_completed(futures):
-		result = each.result()
+        result = each.result()
-		results.append(result)
+        results.append(result)
-		if result:
+        if result:
-			for i in result:
+            for i in result:
-				print(' %s %s' % (good, i))
+                print(' %s %s' % (good, i))
-				print('   %s-%s Class: %s' % (yellow, end, result[i]['class']))
+                print('   %s-%s Class: %s' % (yellow, end, result[i]['class']))
-				if not quiet:
+                if not quiet:
-					print('   %s-%s Description: %s' % (yellow, end, result[i]['description']))
+                    print('   %s-%s Description: %s' % (yellow, end, result[i]['description']))
-					print('   %s-%s Severity: %s' % (yellow, end, result[i]['severity']))
+                    print('   %s-%s Severity: %s' % (yellow, end, result[i]['severity']))
-					print('   %s-%s Exploitation: %s' % (yellow, end, result[i]['exploitation']))
+                    print('   %s-%s Exploitation: %s' % (yellow, end, result[i]['exploitation']))
-				print('   %s-%s ACAO Header: %s' % (yellow, end, result[i]['acao header']))
+                print('   %s-%s ACAO Header: %s' % (yellow, end, result[i]['acao header']))
-				print('   %s-%s ACAC Header: %s\n' % (yellow, end, result[i]['acac header']))
+                print('   %s-%s ACAC Header: %s\n' % (yellow, end, result[i]['acac header']))
-	results = format_result(results)
+    results = format_result(results)
-	if results:
+    if results:
-		if json_file:
+        if json_file:
-			with open(json_file, 'w+') as file:
+            with open(json_file, 'w+') as file:
-				json.dump(results, file, indent=4)
+                json.dump(results, file, indent=4)
-	else:
+    else:
-		print(' %s No misconfigurations found.' % bad)
+        print(' %s No misconfigurations found.' % bad)
 else:
-	print(' %s No valid URLs to test.' % bad)
+    print(' %s No valid URLs to test.' % bad)