Corsy
CORS Misconfiguration Scanner
### Introduction
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.
### Requirements
Corsy only works with `Python 3` and has the following depencies:
- `tld`
- `requests`
To install these dependencies, navigate to Corsy directory and execute `pip3 install -r requirements.txt`
### Usage
Using Corsy is pretty simple
`python3 corsy.py -u https://example.com`
A delay between consecutive requests can be specified with `-d` option.
> *Note:* This is a beta version, features such as JSON output and scanning multiple hosts will be added later.
### Tests implemented
- Pre-domain bypass
- Post-domain bypass
- Backtick bypass
- Null origin bypass
- Unescaped dot bypass
- Invalid value
- Wild card value
- Origin reflection test
- Third party allowance test
- HTTP allowance test
### Support the developer
Liked the project? Donate a few bucks to motivate me to keep writing code for free.
[](https://s0md3v.github.io/donate.html)