CorsMe – Cross Origin Resource Sharing MisConfiguration Scanner

June 26, 2020
CorsMe 1 banner

A Misconfiguration Scanner cors misconfiguration scanner tool based on golang with speed and precision in mind !

Misconfiguration type this scanner can check for

  • Reflect Origin checks
  • Prefix Match
  • Suffix Match
  • Not Esacped Dots
  • Null
  • ThirdParties (Like => github.io, repl.it etc.)
    • Taken from Chenjj’s github repo
  • SpecialChars (Like => “}”,”(“, etc.)
    • See more in Advanced CORS Exploitation Techniques

How to Install

$ go get -u github.com/shivangx01b/CorsMe

Usage
Single Url

echo "https://example.com" | ./Corsme

Multiple Url

cat http_https.txt | ./CorsMe -t 70

Allow wildcard .. Now if Access-Control-Allow-Origin is * it will be printed

cat http_https.txt | ./CorsMe -t 70 --wildcard

Add header if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...."

Tip

cat subdomains.txt | ./httprobe -c 70 -p 80,443,8080,8081,8089 | tee http_https.txt  cat http_https.txt | ./CorsMe -t 70

Screenshot

CorsMe 5 action

Note:

  • Scanner stores the error results as “error_requests.txt”… which contains hosts which cannot be requested

Idea for making this tools are taken from :
CORScanner
Corsy
cors-blimey

Download CorsMe

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , ,

You may have missed

image

CACTUS Ransomware Victim: https://www[.]xdconnects[.]com/

April 19, 2024
iStock 154974489

Cyber Assessment Framework 3.2

April 19, 2024
hkcert

Palo Alto Products Remote Code Execution Vulnerability

April 19, 2024
HIBP Banner 1

Le Slip Français – 1,495,127 breached accounts

April 19, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 19, 2024