s0md3v/Corsy

Fork 0

Go to file

duckie fc4364675c remove pycache

2021-01-28 16:05:19 +05:30

core

remove pycache

2021-01-28 16:05:19 +05:30

1.0-beta

2020-01-17 02:44:46 +05:30

CHANGELOG.md

changelog for 0.2-beta

2019-11-25 14:31:31 +05:30

corsy.py

Merge branch 'master' into master

2020-08-21 11:37:56 +05:30

LICENSE

Initial commit

2019-11-24 21:09:06 +05:30

README.md

Update README.md

2020-08-19 22:23:25 +05:30

requirements.txt

Create requirements.txt

2019-11-24 21:41:44 +05:30

README.md

Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Requirements

Corsy only works with Python 3 and has the following depencies:

tld
requests

To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt

Usage

Using Corsy is pretty simple

python3 corsy.py -u https://example.com

Scan URLs from a file

python3 corsy.py -i /path/urls.txt

Scan URLs from stdin

cat urls.txt | python3 corsy.py

Number of threads

python3 corsy.py -u https://example.com -t 20

Delay between requests

python3 corsy.py -u https://example.com -d 2

Export results to JSON

python3 corsy.py -i /path/urls.txt -o /path/output.json

Custom HTTP headers

python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"

Skip printing tips

-q can be used to skip printing of description, severity, exploitation fields in the output.

Tests implemented

Pre-domain bypass
Post-domain bypass
Backtick bypass
Null origin bypass
Unescaped dot bypass
Invalid value
Wild card value
Origin reflection test
Third party allowance test
HTTP allowance test

Support the developer

Liked the project? Donate a few bucks to motivate me to keep writing code for free.