Corsy - CORS Misconfiguration Scanner


Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Usage
Using Corsy is pretty simple
python corsy.py -u https://example.com
A delay between consecutive requests can be specified with -d option.
Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests implemented
  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Support the developer
Liked the project? Donate a few bucks to motivate me to keep writing code for free.


Corsy - CORS Misconfiguration Scanner Corsy - CORS Misconfiguration Scanner Reviewed by Zion3R on 6:27 PM Rating: 5