CORS-Scanner

Open source, written in Go. 30 stars, 13 forks, 1 open issue, 4 watchers; last commit 5 years ago.

About CORS-Scanner

CORS-Scanner is a command-line tool written in Go that discovers CORS (Cross-Origin Resource Sharing) misconfigurations in web applications. For each target URL it sends a request carrying an attacker-controlled Origin header and inspects the response for two common flaws: the Origin value reflected back in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true, which lets any site read authenticated responses with the victim's cookies, and a wildcard Access-Control-Allow-Origin: *, which browsers never combine with credentials but which exposes every unauthenticated response to any site. The tool accepts line-delimited URLs on stdin, so it drops into reconnaissance pipelines built around tools like httprobe. Users can set the Origin header and optionally supply a Cookie header to test credentialed endpoints. CORS-Scanner prints one line per affected URL, labelled with the type of misconfiguration found. It is useful for security researchers, penetration testers, and bug bounty hunters performing web application assessments who need to identify and report insecure CORS implementations.

Platforms: Web (self-hosted)

Languages: Go

Links: CORS-Scanner

CORS misconfiguration scanner

CORS-Scanner is written in Go and is designed to discover CORS misconfiguration vulnerabilities in web applications.

Installation

If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH), you can install CORS-Scanner with go get (this is the form the README gives; on Go 1.18 and later, go get no longer builds or installs binaries, so use go install github.com/Tanmay-N/CORS-Scanner@latest instead, assuming the repository builds as a module):

▶ go get -u github.com/Tanmay-N/CORS-Scanner

Usage

CORS-Scanner -h 

  -o string
        Set the Origin Header (Default=evil.collrabrator.com) (default "evil.collrabrator.com")
  -s string
        Set the Cookie if required! (Default=Nill) (default "session=nulll")

Note that the -s default is not empty: unless you override it, the placeholder cookie session=nulll from the help output above is sent with every request, so pass a real session cookie to test endpoints that only set CORS headers for authenticated users.

CORS-Scanner accepts line-delimited domains on stdin:

▶ cat recon/example/domains.txt | httprobe > CORS-domain.txt
http://cors-test.example.com/test
https://logcollector.api.example.com
https://cloudcore.api.example.com
https://photo.api.example.com
▶ cat CORS-domain.txt | CORS-Scanner
[VULN - Found Misconfigured! Relefected Origin With Credentials True] Reflected Origin: evil.collrabrator.com, credentials: true, - URL: http://cors-test.example.com/test
[VULN - Found Misconfigured! Relefected Origin With Credentials True] Reflected Origin: evil.collrabrator.com, credentials: true, - URL: https://example.com/Account/Login?ReturnUrl=%2f
[VULN - Found Misconfigured! configured with Wildcard (*)] https://logcollector.api.example.com
[VULN - Found Misconfigured! configured with Wildcard (*)] https://cloudcore.api.example.com
[VULN - Found Misconfigured! configured with Wildcard (*)] https://photo.api.example.com

Discover CORS misconfigurations for a particular host:

 ▶ echo "https://example.com/" | CORS-Scanner
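The following Go program is an added example, not CORS-Scanner's own code, showing the logic behind the two findings the scanner reports: an Origin reflected into Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, and a wildcard Access-Control-Allow-Origin. It goes slightly beyond the tool by separating a reflected origin without credentials, which is lower severity. It runs offline against a constructed httptest server whose /reflect, /wildcard and /safe paths emulate each response pattern; the origin https://evil.example, the cookie value and those paths are assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Finding is what the check concluded about one URL.
type Finding string

const (
	ReflectedWithCredentials Finding = "reflected origin with credentials: true"
	ReflectedNoCredentials   Finding = "reflected origin without credentials"
	WildcardOrigin           Finding = "wildcard origin (*)"
	NotVulnerable            Finding = "no misconfiguration detected"
)

// Classify maps the two CORS response headers to a Finding. origin is the
// value sent in the request's Origin header; acao and acac are the values of
// Access-Control-Allow-Origin and Access-Control-Allow-Credentials.
func Classify(origin, acao, acac string) Finding {
	acao = strings.TrimSpace(acao)
	creds := strings.EqualFold(strings.TrimSpace(acac), "true")
	switch {
	case acao == "*":
		// Browsers refuse to combine "*" with credentials, so cookies are not
		// exposed, but any site can read unauthenticated responses.
		return WildcardOrigin
	case acao == origin && creds:
		// The dangerous case: any site can make cookie-bearing requests and
		// read the authenticated response.
		return ReflectedWithCredentials
	case acao == origin:
		return ReflectedNoCredentials
	default:
		return NotVulnerable
	}
}

// Check sends one GET with the attacker-controlled Origin (and an optional
// Cookie header) and classifies the CORS headers in the response.
func Check(client *http.Client, target, origin, cookie string) (Finding, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Origin", origin)
	if cookie != "" {
		req.Header.Set("Cookie", cookie)
	}
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	return Classify(origin,
		resp.Header.Get("Access-Control-Allow-Origin"),
		resp.Header.Get("Access-Control-Allow-Credentials")), nil
}

// NewTestServer is a constructed stand-in for real targets: each path answers
// with one of the header patterns a scan can encounter.
func NewTestServer() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/reflect", func(w http.ResponseWriter, r *http.Request) {
		// Misconfigured: echoes any Origin and allows credentials.
		w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
		w.Header().Set("Access-Control-Allow-Credentials", "true")
	})
	mux.HandleFunc("/wildcard", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "*")
	})
	mux.HandleFunc("/safe", func(w http.ResponseWriter, r *http.Request) {
		// Allow-listed: only one fixed, trusted origin is ever echoed.
		if r.Header.Get("Origin") == "https://app.example.com" {
			w.Header().Set("Access-Control-Allow-Origin", "https://app.example.com")
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := NewTestServer()
	defer srv.Close()
	for _, path := range []string{"/reflect", "/wildcard", "/safe"} {
		f, err := Check(srv.Client(), srv.URL+path, "https://evil.example", "session=abc")
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-10s %s\n", path, f)
	}
}
```

The comparison in Classify is an exact string match after trimming, which is what makes the reflected-origin case meaningful: a server that returns a fixed allow-listed origin regardless of input (the /safe handler) is correctly reported as not vulnerable even though it sets credentials to true. In a real engagement you would also send origin variants derived from the target's own hostname, since many allow-lists are implemented as substring or suffix checks rather than exact matches.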