Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Usage
Using Corsy is pretty simple
python corsy.py -u https://example.com
A delay between consecutive requests can be specified with -d option.

Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

• Pre-domain bypass
• Post-domain bypass
• Backtick bypass
• Null origin bypass
• Unescaped dot bypass
• Invalid value
• Wild card value
• Origin reflection test
• Third party allowance test
• HTTP allowance test

Support the developer
Liked the project? Donate a few bucks to motivate me to keep writing code for free.

• Paypal - https://paypal.me/s0md3v
• Credit/Debit Card - https://www.buymeacoffee.com/s0md3v