From 742e3134fe3087f48b6def48aab017da6abeaffe Mon Sep 17 00:00:00 2001
From: duckie
Date: Fri, 21 Aug 2020 15:55:10 +0530
Subject: [PATCH] removed the nested folder, sorry too many commits
---
Corsy/core/__init__.py | 1 -
Corsy/core/colors.py | 21 ----------
Corsy/core/requester.py | 19 ---------
Corsy/core/tests.py | 92 -----------------------------------------
Corsy/core/utils.py | 78 ----------------------------------
Corsy/db/details.json | 63 ----------------------------
6 files changed, 274 deletions(-)
delete mode 100644 Corsy/core/__init__.py
delete mode 100644 Corsy/core/colors.py
delete mode 100644 Corsy/core/requester.py
delete mode 100644 Corsy/core/tests.py
delete mode 100644 Corsy/core/utils.py
delete mode 100644 Corsy/db/details.json
diff --git a/Corsy/core/__init__.py b/Corsy/core/__init__.py
deleted file mode 100644
index 8b13789..0000000
--- a/Corsy/core/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/Corsy/core/colors.py b/Corsy/core/colors.py
deleted file mode 100644
index b851893..0000000
--- a/Corsy/core/colors.py
+++ /dev/null
@@ -1,21 +0,0 @@
-import sys
-
-colors = True # Output should be colored
-machine = sys.platform # Detecting the os of current system
-if machine.lower().startswith(('os', 'win', 'darwin', 'ios')):
- colors = False # Colors shouldn't be displayed in mac & windows
-if not colors:
- end = red = white = green = yellow = grey = run = bad = good = info = que = ''
-else:
- grey = '\033[37m'
- white = '\033[97m'
- green = '\033[92m'
- red = '\033[91m'
- yellow = '\033[93m'
- end = '\033[0m'
- back = '\033[7;91m'
- info = '\033[93m!\033[0m'
- que = '\033[94m?\033[0m'
- bad = '\033[91m-\033[0m'
- good = '\033[92m+\033[0m'
- run = '\033[97m~\033[0m'
diff --git a/Corsy/core/requester.py b/Corsy/core/requester.py
deleted file mode 100644
index 8e37105..0000000
--- a/Corsy/core/requester.py
+++ /dev/null
@@ -1,19 +0,0 @@
-import urllib3
-import requests
-from core.colors import bad
-
-urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
-
-# Added better error handling.
-# Added verbose options.
-
-def requester(url, scheme, headers, origin):
- headers['Origin'] = scheme + origin
- try:
- response = requests.get(url, headers=headers, verify=False).headers
- for key, value in response.items():
- if key.lower() == 'access-control-allow-origin':
- return response
- except requests.exceptions.RequestException as e:
- if 'Failed to establish a new connection' in str(e):
- print ( ' ' + bad + ' ' + url + ' seems to be down')
diff --git a/Corsy/core/tests.py b/Corsy/core/tests.py
deleted file mode 100644
index bda5017..0000000
--- a/Corsy/core/tests.py
+++ /dev/null
@@ -1,92 +0,0 @@
-import sys
-import time
-
-from core.requester import requester
-from core.utils import host, load_json
-
-details = load_json(sys.path[0] + '/db/details.json')
-
-def passive_tests(url, headers):
- root = host(url)
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header == '*':
- info = details['wildcard value']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- if root:
- if host(acao_header) and root != host(acao_header):
- info = details['third party allowed']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
-
-
-def active_tests(url, root, scheme, header_dict, delay):
- headers = requester(url, scheme, header_dict, 'example.com')
- if headers:
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header and acao_header == (scheme + 'example.com'):
- info = details['origin reflected']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- elif not acao_header:
- return
- time.sleep(delay)
-
- headers = requester(url, scheme, header_dict, root + '.example.com')
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header and acao_header == (scheme + root + '.example.com'):
- info = details['post-domain wildcard']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- time.sleep(delay)
-
- headers = requester(url, scheme, header_dict, 'd3v' + root)
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header and acao_header == (scheme + 'd3v' + root):
- info = details['pre-domain wildcard']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- time.sleep(delay)
-
- headers = requester(url, '', header_dict, 'null')
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header and acao_header == 'null':
- info = details['null origin allowed']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- time.sleep(delay)
-
- headers = requester(url, scheme, header_dict, root + '%60.example.com')
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header and '`.example.com' in acao_header:
- info = details['broken parser']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- time.sleep(delay)
-
- if root.count('.') > 1:
- spoofed_root = root.replace('.', 'x', 1)
- headers = requester(url, scheme, header_dict, spoofed_root)
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header and host(acao_header) == spoofed_root:
- info = details['unescaped regex']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- time.sleep(delay)
- headers = requester(url, 'http', header_dict, root)
- acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
- if acao_header and acao_header.startswith('http://'):
- info = details['http origin allowed']
- info['acao header'] = acao_header
- info['acac header'] = acac_header
- return {url : info}
- else:
- return passive_tests(url, headers)
diff --git a/Corsy/core/utils.py b/Corsy/core/utils.py
deleted file mode 100644
index 998108f..0000000
--- a/Corsy/core/utils.py
+++ /dev/null
@@ -1,78 +0,0 @@
-import os
-import tld
-import json
-import tempfile
-
-
-def host(string):
- if string and '*' not in string:
- return tld.get_fld(string, fix_protocol=True, fail_silently=True)
-
-
-def load_json(file):
- with open(file) as f:
- return json.load(f)
-
-
-def format_result(result):
- new_result = {}
- for each in result:
- if each:
- for i in each:
- new_result[i] = each[i]
- return new_result
-
-
-def create_url_list(target_url, inp_file):
- urls = []
- if inp_file:
- with open(inp_file, 'r') as file:
- for line in file:
- if line.startswith(('http://', 'https://')):
- urls.append(line.rstrip('\n'))
- if target_url and target_url.startswith(('http://', 'https://')):
- urls.append(target_url)
- return urls
-
-def create_stdin_list(target_url, inp_file):
- urls = []
- if inp_file:
- for line in inp_file.readlines():
- if line.startswith(('http://', 'https://')):
- urls.append(line.rstrip('\n'))
- if target_url and target_url.startswith(('http://', 'https://')):
- urls.append(target_url)
- return urls
-
-def prompt(default=None):
- editor = 'nano'
- with tempfile.NamedTemporaryFile(mode='r+') as tmpfile:
- if default:
- tmpfile.write(default)
- tmpfile.flush()
-
- child_pid = os.fork()
- is_child = child_pid == 0
-
- if is_child:
- os.execvp(editor, [editor, tmpfile.name])
- else:
- os.waitpid(child_pid, 0)
- tmpfile.seek(0)
- return tmpfile.read().strip()
-
-
-def extractHeaders(headers):
- headers = headers.replace('\\n', '\n')
- sorted_headers = {}
- matches = re.findall(r'^?(.*?):\s(.*?)[\n$]', headers)
- for match in matches:
- header = match[0]
- value = match[1]
- try:
- if value[-1] == ',':
- value = value[:-1]
- sorted_headers[header] = value
- except IndexError:
- pass
- return sorted_headers
diff --git a/Corsy/db/details.json b/Corsy/db/details.json
deleted file mode 100644
index e71e179..0000000
--- a/Corsy/db/details.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "wildcard value" : {
- "class" : "wildcard value",
- "description" : "This host allows requests made from any origin. However, browsers will block all requests to this host by default.",
- "severity" : "low",
- "exploitation" : "Not possible"
- },
- "third party allowed" : {
- "class" : "third party allowed",
- "description" : "This host has whitelisted a third party host for cross origin requests.",
- "severity" : "Medium",
- "exploitation" : "If the whitelisted host is a code hosting platform such as codepen.io or has an XSS vulnerability, it can be used to exploit this misconfiguration."
-
- },
- "origin reflected": {
- "class" : "origin reflected",
- "description" : "This host allows any origin to make requests to it.",
- "severity" : "high",
- "exploitation" : "Make requests from any domain you control."
- },
- "invalid value" : {
- "class" : "invalid value",
- "description" : "Header's value is invalid, this CORS implementation doesn't work at all.",
- "severity" : "low",
- "exploitation" : "Not possible"
- },
- "post-domain wildcard" : {
- "class" : "post-domain wildcard",
- "description" : "The origin verification is flawed, it allows requests from a host that has this host as a prefix.",
- "severity" : "high",
- "exploitation" : "Make requests from target.com.attacker.com"
- },
- "pre-domain wildcard" : {
- "class" : "pre-domain wildcard",
- "description" : "The origin verification is flawed, it allows requests from a host that has this host as a suffix.",
- "severity" : "high",
- "exploitation" : "Make requests from attacker-target.com"
- },
- "null origin allowed" : {
- "class" : "null origin allowed",
- "description" : "This host allows requests from 'null' origin.",
- "severity" : "high",
- "exploitation" : "Make requests from a sandboxed iframe."
- },
- "http origin allowed" : {
- "class" : "http origin allowed",
- "description" : "This host allows sharing resources over an unencrypted (HTTP) connection.",
- "severity" : "low",
- "exploitation" : "Sniff requests made over the unencrypted channel."
- },
- "broken parser" : {
- "class" : "broken parser",
- "description" : "The origin verification is flawed and can be bypassed using a backtick (`).",
- "severity" : "high",
- "exploitation" : "Set the 'Origin' header to %60.example.com"
- },
- "unescaped regex" : {
- "class" : "unescaped regex",
- "description" : "The regex used for origin verification contains an unescaped dot (.) character.",
- "severity" : "high",
- "exploitation" : "If the target is sub.example.com, make requests from subxexample.com"
- }
-}