stdin support, include url path, better error handling

2021-01-28 16:51:35 +05:30
parent 62fcc3974d ad0bd1429b
commit 9bc60b84c4
4 changed files with 36 additions and 9 deletions
--- a/README.md
+++ b/README.md
@@ -39,6 +39,9 @@ Using Corsy is pretty simple
 ##### Scan URLs from a file
 `python3 corsy.py -i /path/urls.txt`

+##### Scan URLs from stdin
+`cat urls.txt | python3 corsy.py`
+
 ##### Number of threads
 `python3 corsy.py -u https://example.com -t 20`

--- a/core/requester.py
+++ b/core/requester.py
@@ -1,12 +1,21 @@
 import urllib3
 import requests
+from core.colors import bad

 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

+# Added better error handling.
+# Added verbose options.

 def requester(url, scheme, headers, origin):
    headers['Origin'] = scheme + origin
+    try:
        response = requests.get(url, headers=headers, verify=False).headers
        for key, value in response.items():
            if key.lower() == 'access-control-allow-origin':
                return response
+    except requests.exceptions.RequestException as e:
+        if 'Failed to establish a new connection' in str(e):
+            print ('%s %s is unreachable' % (bad, url))
+        elif 'requests.exceptions.TooManyRedirects:' in str(e):
+        	print ('%s %s has too many redirects' % (bad, url))
--- a/core/utils.py
+++ b/core/utils.py
@@ -2,6 +2,7 @@ import os
 import re
 import json
 import tempfile
+import re

 from urllib.parse import urlparse

@@ -35,6 +36,15 @@ def create_url_list(target_url, inp_file):
        urls.append(target_url)
    return urls

+def create_stdin_list(target_url, inp_file):
+    urls = []
+    if inp_file:
+        for line in inp_file.readlines():
+            if line.startswith(('http://', 'https://')):
+                urls.append(line.rstrip('\n'))
+    if target_url and target_url.startswith(('http://', 'https://')):
+        urls.append(target_url)
+    return urls

 def prompt(default=None):
    editor = 'nano'
--- a/corsy.py
+++ b/corsy.py
@@ -7,7 +7,7 @@ import argparse
 from requests.exceptions import ConnectionError

 from core.tests import active_tests
-from core.utils import host, prompt, format_result, extractHeaders, create_url_list
+from core.utils import host, prompt, format_result, extractHeaders, create_url_list, create_stdin_list
 from core.colors import bad, end, red, run, good, grey, green, white, yellow


@@ -55,7 +55,13 @@ else:
        'Connection': 'close',
    }

-urls = create_url_list(target, inp_file)
+
+# PIPE output from other tools such as httprobe etc
+if sys.stdin.isatty():
+    urls = create_url_list(target, inp_file)
+else:
+    urls = create_stdin_list(target, sys.stdin)
+

 def cors(target, header_dict, delay):
    url = target
@@ -63,12 +69,11 @@ def cors(target, header_dict, delay):
    parsed = urlparse(url)
    netloc = parsed.netloc
    scheme = parsed.scheme
-    url = scheme + '://' + netloc
+    url = scheme + '://' + netloc + parsed.path
    try:
        return active_tests(url, root, scheme, header_dict, delay)
    except ConnectionError as exc:
-        print(f'[WARNING] Unable to connect to {target}: {exc}')
-
+        print('%s Unable to connect to %s' % (bad, root))

 if urls:
    if len(urls) > 1: