Corsy - CORS Misconfiguration Scanner

2019-11-26T21:27:03
ID KITPLOIT:8450822357645896013
Type kitploit
Reporter KitPloit
Modified 2019-11-26T21:27:03

Description

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Usage
Using Corsy is pretty simple
python corsy.py -u https://example.com
A delay between consecutive requests can be specified with -d option.

> _ Note: _ This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Support the developer
Liked the project? Donate a few bucks to motivate me to keep writing code for free.

Download Corsy