Your Perfect Cybersecurity Partner

Stay Connected:

CORSY Tool-Opensource CORS Web Vulnerability Scanner

Image

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Corsy will checks for

  • Pre-domain bypass

  • Post-domain bypass

  • Backtick bypass

  • Null origin bypass

  • Unescaped dot bypass

  • Invalid value

  • Wild card value

  • Origin reflection test

  • Third party allowance test

  • HTTP allowance test

Demo

Installation

Step 1: In terminal, #sudo gitclone https://github.com/s0md3v/Corsy.git

image

Step 2: Go to the Corsy folder and install the requirements #cd Corsy/sudo pip3 install -r requirements.txt

image

Step 3: Convert the installation file into the executable format #cd Corsy/sudo chmod +777 corsy.py

image

Step 4: Run the installation file with the target to scan # Corsy/ python3 corsy.py -u https://example.com

image

image

image

Additionally you can also use Corsy for,

Scan URLs from a file

python3 corsy.py -i /path/urls.txt

Number of threads

python3 corsy.py -u https://example.com -t 20

Delay between requests

python3 corsy.py -u https://example.com -d 2

Export results to JSON

python3 corsy.py -i /path/urls.txt -o /path/output.json

Custom HTTP headers

python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"