Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.
Corsy will checks for
Pre-domain bypass
Post-domain bypass
Backtick bypass
Null origin bypass
Unescaped dot bypass
Invalid value
Wild card value
Origin reflection test
Third party allowance test
HTTP allowance test
Demo
Installation
Step 1: In terminal, #sudo gitclone https://github.com/s0md3v/Corsy.git
Step 2: Go to the Corsy folder and install the requirements #cd Corsy/sudo pip3 install -r requirements.txt
Step 3: Convert the installation file into the executable format #cd Corsy/sudo chmod +777 corsy.py
Step 4: Run the installation file with the target to scan # Corsy/ python3 corsy.py -u https://example.com
Additionally you can also use Corsy for,
Scan URLs from a file
python3 corsy.py -i /path/urls.txt
Number of threads
python3 corsy.py -u https://example.com -t 20
Delay between requests
python3 corsy.py -u https://example.com -d 2
Export results to JSON
python3 corsy.py -i /path/urls.txt -o /path/output.json
Custom HTTP headers
python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"