Hack Tools

Corsy – CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Usage
Using Corsy is pretty simple
python corsy.py -u https://example.com
A delay between consecutive requests can be specified with -d option.

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.


Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Support the developer
Liked the project? Donate a few bucks to motivate me to keep writing code for free.

Click to comment

You must be logged in to post a comment Login

Leave a Reply

To Top

Pin It on Pinterest

Share This