CORScanner is a python tool designed to discover CORS misconfigurations vulnerabilities of websites. It helps website administrators and penetration testers to check whether the domains/urls they are targeting have insecure CORS policies.

Some of the supported features with this tool are:

• Fast. It uses gevent instead of Python threads for concurrency, which is much faster for network scanning.
• Comprehensive. It covers all the common types of CORS misconfigurations we know.
• Flexible. It supports various self-define features (e.g. file output), which is helpful for large-scale scanning.

This tool covers the following misconfiguration types:

• Reflect_any_origin – Blindly reflect the Origin header value in Access-Control-Allow-Origin headers in responses, which means any website can read its secrets by sending cross-orign requests.
• Prefix_match – wwww.example.com trusts example.com.evil.com, which is an attacker’s domain.
• Suffix_match – wwww.example.com trusts evilexample.com, which could be registered by an attacker.
• Not_escape_dot – wwww.example.com trusts wwwaexample.com, which could be registered by an attacker.
• Substring match – wwww.example.com trusts example.co, which could be registered by an attacker.
• Trust_null – wwww.example.com trusts null, which can be forged by iframe sandbox scripts
• HTTPS_trust_HTTP – Risky trust dependency, a MITM attacker may steal HTTPS site secrets
• Trust_any_subdomain – Risky trust dependency, a subdomain XSS may steal its secrets
• custom_third_parties – Custom unsafe third parties origins like github.io

You can read more and download this tool over here: https://github.com/chenjj/CORScanner