Description
Corsy detects CORS (Cross-Origin Resource Sharing) misconfigurations. It checks for various common misconfigurations that can lead to data exfiltration, including wildcard origins, null origin trust, and pre-domain/post-domain wildcards.
Installation
BASH
git clone https://github.com/s0md3v/Corsy.git
cd Corsy
pip3 install -r requirements.txtBasic Usage
BASH
# Scan single URL
python3 corsy.py -u https://target.com
# Scan from file
python3 corsy.py -i urls.txt
# With custom headers
python3 corsy.py -u https://target.com -H "Cookie: session=abc123"Advanced Usage
BASH
# Custom threads
python3 corsy.py -i urls.txt -t 20
# Output to file
python3 corsy.py -i urls.txt -o results.json
# With delay between requests
python3 corsy.py -i urls.txt -d 2Common Workflows
BASH
# Recon → CORS scan pipeline
subfinder -d target.com -silent | httpx -silent | tee alive.txt
python3 corsy.py -i alive.txt -t 20 -o cors_findings.json
# Check specific endpoints
cat urls.txt | grep "api\|v1\|v2" | python3 corsy.py -i /dev/stdinWhat It Checks
- Reflected origin (most dangerous)
- Null origin allowed
- Pre-domain wildcard (
*.target.com) - Post-domain wildcard (
target.com.*) - Unescaped dots in origin regex
- Third-party trust
- HTTP origin on HTTPS endpoint