CORScanner – CORS Vulnerabilities Scanner
CORScanner is a python tool designed to discover CORS misconfigurations vulnerabilities of websites. It helps website administrators and penetration testers to check whether the domains/urls they are targeting have insecure CORS policies.

Some of the supported features with this tool are:
- Fast. It uses gevent instead of Python threads for concurrency, which is much faster for network scanning.
- Comprehensive. It covers all the common types of CORS misconfigurations we know.
- Flexible. It supports various self-define features (e.g. file output), which is helpful for large-scale scanning.
This tool covers the following misconfiguration types:
- Reflect_any_origin – Blindly reflect the Origin header value in
Access-Control-Allow-Origin headers
in responses, which means any website can read its secrets by sending cross-orign requests. - Prefix_match –
wwww.example.com
trustsexample.com.evil.com
, which is an attacker’s domain. - Suffix_match –
wwww.example.com
trustsevilexample.com
, which could be registered by an attacker. - Not_escape_dot –
wwww.example.com
trustswwwaexample.com
, which could be registered by an attacker. - Substring match –
wwww.example.com
trustsexample.co
, which could be registered by an attacker. - Trust_null –
wwww.example.com
trustsnull
, which can be forged by iframe sandbox scripts - HTTPS_trust_HTTP – Risky trust dependency, a MITM attacker may steal HTTPS site secrets
- Trust_any_subdomain – Risky trust dependency, a subdomain XSS may steal its secrets
- custom_third_parties – Custom unsafe third parties origins like
github.io
You can read more and download this tool over here: https://github.com/chenjj/CORScanner
Subscribe
0 Comments