GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Shivangx01b → Corsme

Shivangx01b / Corsme

Cross Origin Resource Sharing MisConfiguration Scanner

Programming Languages

go
31211 projects - #10 most used programming language
golang
3204 projects

Labels

webscannerbugbountyapplicationoffensive-security

Projects that are alternatives of or similar to Corsme

Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1533.9%)
Mutual labels:  scanner, offensive-security, bugbounty
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+651.69%)
Mutual labels:  application, scanner, bugbounty
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+550%)
Mutual labels:  scanner, offensive-security, bugbounty
Xspear
Powerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+394.07%)
Mutual labels:  scanner, bugbounty
Vault
swiss army knife for hackers
Stars: ✭ 346 (+193.22%)
Mutual labels:  scanner, offensive-security
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+331.36%)
Mutual labels:  scanner, bugbounty
jsleak
a Go code to detect leaks in JS files via regex patterns
Stars: ✭ 111 (-5.93%)
Mutual labels:  scanner, bugbounty
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+6040.68%)
Mutual labels:  scanner, bugbounty
Command Injection Payload List
🎯 Command Injection Payload List
Stars: ✭ 658 (+457.63%)
Mutual labels:  application, bugbounty
Rapidscan
🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+556.78%)
Mutual labels:  scanner, offensive-security
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+627.97%)
Mutual labels:  scanner, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+725.42%)
Mutual labels:  scanner, bugbounty
Rmiscout
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Stars: ✭ 296 (+150.85%)
Mutual labels:  scanner, offensive-security
Recon Pipeline
An automated target reconnaissance pipeline.
Stars: ✭ 278 (+135.59%)
Mutual labels:  scanner, bugbounty
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+358.47%)
Mutual labels:  offensive-security, bugbounty
cf-check
CloudFlare Checker written in Go
Stars: ✭ 147 (+24.58%)
Mutual labels:  scanner, bugbounty
Webhackersweapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 1,205 (+921.19%)
Mutual labels:  scanner, bugbounty
nuubi
Nuubi Tools (Information-ghatering|Scanner|Recon.)
Stars: ✭ 76 (-35.59%)
Mutual labels:  scanner, bugbounty
Resources
No description or website provided.
Stars: ✭ 38 (-67.8%)
Mutual labels:  scanner, bugbounty
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+570.34%)
Mutual labels:  scanner, bugbounty
View All Similar Projects ➔



What is CorsMe ?

A cors misconfiguration scanner tool based on golang with speed and precision in mind !

Misconfiguration type this scanner can check for

How to Install

$ go get -u -v github.com/shivangx01b/CorsMe

Usage

Single Url

echo "https://example.com" | ./CorsMe

Multiple Url

cat http_https.txt | ./CorsMe -t 70

Allow wildcard .. Now if Access-Control-Allow-Origin is * it will be printed

cat http_https.txt | ./CorsMe -t 70 -wildcard

Add header if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...."

Save output in a file

cat http_https.txt | ./CorsMe -t 70 -output audit.logs

Add another method if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...." -method "POST"

Tip

subfinder -d hackerone.com -nW -silent | ./httprobe -c 70 -p 80,443,8080,8081,8089 | tee http_https.txt
cat http_https.txt | ./CorsMe -t 70

Screenshot

1414

Note:

  • Scanner stores the error results as "error_requests.txt"... which contains hosts which cannot be requested

Ideas for making this tool are taken from :

CORScanner

Corsy

cors-blimey

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].