Skip to content

makuga01/Corsy

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
core
core
 
 
db
db
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
corsy.py
corsy.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation


Corsy
Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

demo

Requirements

Corsy only works with Python 3 and has the following depencies:

  • tld
  • requests

To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt

Usage

Using Corsy is pretty simple

python3 corsy.py -u https://example.com

A delay between consecutive requests can be specified with -d option.

Docker

If you want to build the container yourself manually, git clone the repo, then build and run the following commands

  • Clone the repo using git clone https://github.com/s0md3v/Corsy
  • Build your docker container
docker build -t corsy .
  • After building the container using either way, run the following -
docker run -it corsy -u https://example.com

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test

Support the developer

Liked the project? Donate a few bucks to motivate me to keep writing code for free.

Donate

About

CORS Misconfiguration Scanner

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

 
 
 

Contributors

Languages

  • Python 97.0%
  • Dockerfile 3.0%