Corsy - CORS Misconfiguration Scanner
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.
Usage
Using Corsy is pretty simple
python corsy.py -u https://example.com
A delay between consecutive requests can be specified with
-d
option.Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.
Tests implemented
- Pre-domain bypass
- Post-domain bypass
- Backtick bypass
- Null origin bypass
- Unescaped dot bypass
- Invalid value
- Wild card value
- Origin reflection test
- Third party allowance test
- HTTP allowance test
Support the developer
Liked the project? Donate a few bucks to motivate me to keep writing code for free.
- Paypal - https://paypal.me/s0md3v
- Credit/Debit Card - https://www.buymeacoffee.com/s0md3v
Corsy - CORS Misconfiguration Scanner
Reviewed by Zion3R
on
6:27 PM
Rating:
![Corsy - CORS Misconfiguration Scanner](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd8ELXyij1Ds2jSIrKNgFHGKVDuM5Yeh9rVZrQ08i_ziHzKjZ5MsgKpxNq819jLiEHxz6oi7q116TcNsFt0PbwqH5nYPoDr6X6wz_GA-uef_ItPLPBIe4zMoOHrgmCgded9Ktjezv2eKih/s72-c/Corsy_4.png)