Pentest Tools

Published on January 21st, 2020 📆 | 8410 Views ⚑

Corsy v1.0 – CORS Misconfiguration Scanner

https://www.ispeech.org

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Requirements
Corsy only works with Python 3 and has the following depencies:

To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt

Usage
Using Corsy is pretty simple
python3 corsy.py -u https://example.com

Scan URLs from a file
python3 corsy.py -i /path/urls.txt

Number of threads
python3 corsy.py -u https://example.com -t 20

Delay between requests
python3 corsy.py -u https://example.com -d 2

Export results to JSON
python3 corsy.py -i /path/urls.txt -o /path/output.json

Custom HTTP headers
python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBotnCookie: SESSION=Hacked"

Skip printing tips
-q can be used to skip printing of description, severity, exploitation fields in the output.

Tests implemented

Pre-domain bypass
Post-domain bypass
Backtick bypass
Null origin bypass
Unescaped dot bypass
Invalid value
Wild card value
Origin reflection test
Third party allowance test
HTTP allowance test

Source link

Tagged with: corsy • misconfiguration • scanner

Comments are closed.

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Popular
- Red Hat Security Advisory 2024-2886-03 – Torchsec by Admin May 18, 2024 The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2886.jsonRed Hat officially shut… (12)
- Ivanti Patches Critical Remote Code Execution Flaws… by Admin May 23, 2024 May 23, 2024NewsroomEndpoint Security / Vulnerability Ivanti on Tuesday rolled… (8)
- Copyleaks Study Finds Proliferation of AI Content on the Web by Admin May 13, 2024 Since ChatGPT arrived on the net in 2022, AI-generated content… (7)
- DarkGate Malware Replaces AutoIt with AutoHotkey in… by Admin June 4, 2024 Jun 04, 2024NewsroomVulnerability / Threat Intelligence Cyber attacks involving the… (7)
Gloss
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Deena Bowles
  
  registered 5 minutes ago
- Letha Daly
  
  registered 16 minutes ago
- Jamey Weiland
  
  registered 2 hours, 14 minutes ago
- Cooper Cayton
  
  registered 3 hours, 12 minutes ago
- Numbers Fitzwater
  
  registered 3 hours, 59 minutes ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- Embedded Systems, Electronics, Gadgets, and DIY
  
  active 5 minutes ago
- Gaming
  
  active 5 minutes ago
- Pentest Tools
  
  active 5 minutes ago
- General Talk
  
  active 5 minutes ago
- Help Me !!
  
  active 5 minutes ago
linktr.ee/obewyn

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

Corsy v1.0 – CORS Misconfiguration Scanner

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups