CORStest — Exploitation | Tools

Description

CORStest is a lightweight scanner that checks for CORS misconfigurations across a list of domains. It tests for dangerous configurations like reflected origins, null origin trust, and wildcard policies that could allow cross-origin data theft.

Installation

BASH

                            git clone https://github.com/RUB-NDS/CORStest.git
cd CORStest
pip3 install -r requirements.txt
                        

Basic Usage

BASH

                            # Test single URL
python3 corstest.py https://target.com

# Test from file
python3 corstest.py -i urls.txt
                        

Advanced Usage

                        BASH
                        
                            # Custom origin to test
python3 corstest.py https://target.com -o https://evil.com

# Threads
python3 corstest.py -i urls.txt -t 20

# Output results
python3 corstest.py -i urls.txt > cors_results.txt

# Test with null origin
python3 corstest.py https://target.com -o null

Common Workflows

                        BASH
                        
                            # Scan all subdomains for CORS misconfig
subfinder -d target.com -silent | httpx -silent > alive.txt
python3 corstest.py -i alive.txt -t 20

# Check API endpoints specifically
cat urls.txt | grep -i "api\|v1\|v2\|graphql" | python3 corstest.py -i /dev/stdin