Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Corsy only works with To install this dependency, navigate to Corsy directory and execute Using Corsy is pretty simplePython 3
and has just one dependency:requests
pip3 install requests
python3 corsy.py -u https://example.com
python3 corsy.py -i /path/urls.txt
cat urls.txt | python3 corsy.py
python3 corsy.py -u https://example.com -t 20
python3 corsy.py -u https://example.com -d 2
python3 corsy.py -i /path/urls.txt -o /path/output.json
python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"
-q
can be used to skip printing of description
, severity
, exploitation
fields in the output.