
s0md3v / Corsy

Licence: gpl-3.0
CORS Misconfiguration Scanner

Programming Languages

python

Projects that are alternatives of or similar to Corsy

Nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Stars: ✭ 6,307 (+734.26%)
Mutual labels:  vulnerability-scanner
Wormhole
Wormhole — it's better EventEmitter for communication between tabs with supporting Master/Slave.
Stars: ✭ 393 (-48.02%)
Mutual labels:  cors
Corscanner
Fast CORS misconfiguration vulnerabilities scanner🍻
Stars: ✭ 601 (-20.5%)
Mutual labels:  cors
Sqli Hunter
SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
Stars: ✭ 340 (-55.03%)
Mutual labels:  vulnerability-scanner
Corsica
Elixir library for dealing with CORS requests. 🏖
Stars: ✭ 373 (-50.66%)
Mutual labels:  cors
Cross Origin
🌀 Cross-origin demo. Examples of CORS, JSONP, postMessage, websocket, document.domain, window.name, iframe, and more
Stars: ✭ 475 (-37.17%)
Mutual labels:  cors
Microwebsrv2
The last Micro Web Server for IoTs (MicroPython) or large servers (CPython), that supports WebSockets, routes, template engine and with really optimized architecture (mem allocations, async I/Os). Ready for ESP32, STM32 on Pyboard, Pycom's chipsets (WiPy, LoPy, ...). Robust, efficient and documented!
Stars: ✭ 295 (-60.98%)
Mutual labels:  cors
Learn Nginx
Nginx beginner's guide
Stars: ✭ 728 (-3.7%)
Mutual labels:  cors
Sqlmap
Automatic SQL injection and database takeover tool
Stars: ✭ 21,907 (+2797.75%)
Mutual labels:  vulnerability-scanner
Silver
Mass scan IPs for vulnerable services
Stars: ✭ 588 (-22.22%)
Mutual labels:  vulnerability-scanner
Allorigins
👽 Pull contents from any page as JSON via API
Stars: ✭ 343 (-54.63%)
Mutual labels:  cors
Cwe checker
cwe_checker finds vulnerable patterns in binary executables
Stars: ✭ 372 (-50.79%)
Mutual labels:  vulnerability-scanner
Cors
Node.js CORS middleware
Stars: ✭ 5,252 (+594.71%)
Mutual labels:  cors
Meiam.system
.NET 5 / .NET Core 3.1 WebAPI + Vue 2.0 + RBAC enterprise-grade permission framework with separated front end and back end
Stars: ✭ 340 (-55.03%)
Mutual labels:  cors
Laravel Cors
Send CORS headers in a Laravel application
Stars: ✭ 605 (-19.97%)
Mutual labels:  cors
Badmod
CMS auto detect and exploit.
Stars: ✭ 296 (-60.85%)
Mutual labels:  vulnerability-scanner
Sifter
Sifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (-46.69%)
Mutual labels:  vulnerability-scanner
Node Typescript Koa Rest
REST API boilerplate using NodeJS and KOA2, typescript. Logging and JWT as middlewares. TypeORM with class-validator, SQL CRUD. Docker included. Swagger docs, actions CI and valuable README
Stars: ✭ 739 (-2.25%)
Mutual labels:  cors
Flask Cors
Cross Origin Resource Sharing ( CORS ) support for Flask
Stars: ✭ 696 (-7.94%)
Mutual labels:  cors
Xray
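A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use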
Stars: ✭ 6,218 (+722.49%)
Mutual labels:  vulnerability-scanner


Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.


Requirements

Corsy only works with Python 3 and has just one dependency:

  • requests

To install this dependency, navigate to the Corsy directory and execute pip3 install requests.

Usage

Using Corsy is pretty simple:

python3 corsy.py -u https://example.com

Scan URLs from a file

python3 corsy.py -i /path/urls.txt

Scan URLs from stdin

cat urls.txt | python3 corsy.py

Number of threads

python3 corsy.py -u https://example.com -t 20

Delay between requests

python3 corsy.py -u https://example.com -d 2

Export results to JSON

python3 corsy.py -i /path/urls.txt -o /path/output.json

Custom HTTP headers

python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"

Skip printing tips

Use -q to skip printing the description, severity, and exploitation fields in the output.

Tests implemented

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Underscore bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test
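
The test names above map onto common mistakes in server-side Origin validation. The following is an added example, not code from Corsy: it runs a strict allowlist and three typical weak validators over constructed probe origins. The probe strings, the trusted origins and all function names are assumptions based on the usual meaning of each test name, not Corsy's own payloads.

```python
import re

# Constructed trusted origins for the example (scheme + host, exact).
ALLOWLIST = {"https://example.com", "https://www.example.com"}

# Constructed probe origins keyed by the test names listed above.
# Assumed meanings of those names; not taken from Corsy's source.
PROBES = {
    "Pre-domain bypass": "https://notexample.com",
    "Post-domain bypass": "https://example.com.untrusted.test",
    "Backtick bypass": "https://example.com`.untrusted.test",
    "Null origin bypass": "null",
    "Unescaped dot bypass": "https://wwwxexample.com",
    "Underscore bypass": "https://example.com_.untrusted.test",
    "Origin reflection test": "https://unrelated.test",
    "HTTP allowance test": "http://example.com",
}

def strict(origin):
    """Hardened check: exact string match against a fixed set of origins."""
    return origin in ALLOWLIST

def suffix_check(origin):
    """Weak: trusts anything that merely ends with the domain."""
    return origin.endswith("example.com")

def prefix_check(origin):
    """Weak: trusts anything that merely starts with the trusted origin."""
    return origin.startswith("https://example.com")

def regex_check(origin):
    """Weak: the dots are unescaped, so '.' matches any character."""
    return re.fullmatch(r"https://(www.)?example.com", origin) is not None

def audit(validator):
    """Return the names of the probes the validator wrongly accepts."""
    return [name for name, origin in PROBES.items() if validator(origin)]

def allow_origin_header(origin, validator=strict):
    """Value for Access-Control-Allow-Origin, or None to omit the header."""
    return origin if validator(origin) else None

if __name__ == "__main__":
    for v in (suffix_check, prefix_check, regex_check, strict):
        print(f"{v.__name__:13} accepts: {audit(v) or 'nothing untrusted'}")
```

Swapping your own origin check in for `strict` and asserting that `audit` returns an empty list gives a regression test for the same classes of mistake.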