Corsy
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.
Tests implemented
- Pre-domain bypass
- Post-domain bypass
- Backtick bypass
- Null origin bypass
- Invalid value
- Wild card value
- Origin reflection test
- Third-party allowance test
- HTTP allowance test
Install
git clone https://github.com/s0md3v/Corsy.git
Use
python corsy.py -u https://example.com
Copyright (C) 2019 s0md3v
Source: https://github.com/s0md3v/
The post Corsy: CORS Misconfiguration Scanner appeared first on Penetration Testing.
