s0md3v/Corsy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13 Commits 1 Branch 0 Tags
89ca2a82bfcca26fa18255759cd45b0b240f2fbf
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Somdev Sangwan 89ca2a82bf bumped version
2019-11-25 14:29:16 +05:30
core
Update requester.py
2019-11-25 14:26:20 +05:30
db
add unescaped regex test
2019-11-25 10:20:45 +05:30
corsy.py
bumped version
2019-11-25 14:29:16 +05:30
LICENSE
Initial commit
2019-11-24 21:09:06 +05:30
README.md
documented unescaped dot bypass test
2019-11-25 10:26:12 +05:30
requirements.txt
Create requirements.txt
2019-11-24 21:41:44 +05:30

README.md


Corsy
Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

demo

Usage

Using Corsy is pretty simple

python corsy.py -u https://example.com

A delay between consecutive requests can be specified with -d option.

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Support the developer

Liked the project? Donate a few bucks to motivate me to keep writing code for free.

Description
No description provided
Readme GPL-3.0 110 KiB
Languages
Python 100%