github.com/s0md3v/Corsy
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.
Corsy only works with Python 3 and has just one dependency:
requestsTo install this dependency, navigate to Corsy directory and execute pip3 install requests
Using Corsy is pretty simple
python3 corsy.py -u https://example.com
python3 corsy.py -i /path/urls.txt
cat urls.txt | python3 corsy.py
python3 corsy.py -u https://example.com -t 20
python3 corsy.py -u https://example.com -d 2
python3 corsy.py -i /path/urls.txt -o /path/output.json
python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"
-q can be used to skip printing of description, severity, exploitation fields in the output.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.