CORScanner – CORS Vulnerabilities Scanner

CORScanner is a Python tool designed to discover CORS misconfiguration vulnerabilities in websites. It helps website administrators and penetration testers check whether the domains/URLs they are targeting have insecure CORS policies.

CORScanner - Fast CORS Misconfiguration Vulnerabilities Scanner

Some of the supported features with this tool are:

  • Fast. It uses gevent instead of Python threads for concurrency, which is much faster for network scanning.
  • Comprehensive. It covers all the common types of CORS misconfigurations we know.
  • Flexible. It supports various user-defined features (e.g. file output), which is helpful for large-scale scanning.

This tool covers the following misconfiguration types:

  • Reflect_any_origin – Blindly reflects the Origin header value in the Access-Control-Allow-Origin response header, which means any website can read its secrets by sending cross-origin requests.
  • Prefix_match – www.example.com trusts example.com.evil.com, which is an attacker’s domain.
  • Suffix_match – www.example.com trusts evilexample.com, which could be registered by an attacker.
  • Not_escape_dot – www.example.com trusts wwwaexample.com, which could be registered by an attacker.
  • Substring match – www.example.com trusts example.co, which could be registered by an attacker.
  • Trust_null – www.example.com trusts null, which can be forged by iframe sandbox scripts.
  • HTTPS_trust_HTTP – Risky trust dependency: a MITM attacker may steal the HTTPS site’s secrets.
  • Trust_any_subdomain – Risky trust dependency: an XSS on a subdomain may steal its secrets.
  • custom_third_parties – Custom unsafe third-party origins like github.io.
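
To make the first six types concrete for whoever has to fix them, here is an added example (not CORScanner's code and not from its authors) that models each flawed server-side Origin check next to an exact-match allowlist. The allowlist contents, the function names and the attacker.example probe are assumptions; the other hostnames come from the list above.

```python
import re
from urllib.parse import urlsplit

SITE = "www.example.com"  # the site used in the list above
BASE = "example.com"      # its parent domain
ALLOWLIST = {"https://www.example.com", "https://example.com"}  # assumed exact origins

def host(origin):
    """Hostname of an Origin header value ('' for "null" or unparsable input)."""
    return urlsplit(origin).hostname or ""

# One flawed validator per misconfiguration type (illustrative models only).
FLAWED = {
    "reflect_any_origin": lambda o: True,
    "prefix_match": lambda o: host(o).startswith(BASE),
    "suffix_match": lambda o: host(o).endswith(BASE),
    # Unescaped dots in the pattern match any character.
    "not_escape_dot": lambda o: re.fullmatch("www.example.com", host(o)) is not None,
    "substring_match": lambda o: host(o) != "" and host(o) in SITE,
    "trust_null": lambda o: o == "null" or o in ALLOWLIST,
}

# Constructed probe origins, one per type.
PROBES = {
    "reflect_any_origin": "https://attacker.example",
    "prefix_match": "https://example.com.evil.com",
    "suffix_match": "https://evilexample.com",
    "not_escape_dot": "https://wwwaexample.com",
    "substring_match": "https://example.co",
    "trust_null": "null",
}

def strict(origin):
    """Hardened check: exact match of the full origin (scheme, host, port)."""
    return origin in ALLOWLIST

def audit(validator):
    """Names of the probe origins that `validator` wrongly accepts."""
    return sorted(name for name, origin in PROBES.items() if validator(origin))

def cors_headers(origin, validator=strict):
    """Emit CORS headers only for validated origins; Vary keeps caches per-origin."""
    if not validator(origin):
        return {}
    return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}

if __name__ == "__main__":
    for name, check in FLAWED.items():
        print(f"{name:20} accepts {PROBES[name]!r}: {check(PROBES[name])}")
    print("strict accepts:", audit(strict))
```

Running `audit()` against your own validation function shows which of these probe origins it would trust; the exact-match version accepts none of them.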

You can read more and download this tool over here: https://github.com/chenjj/CORScanner
