itsMe Posted June 24, 2019 Share Posted June 24, 2019 This is the hidden content, please Sign In or Sign Up About CORScanner CORScanner is a python tool designed to discover CORS misconfigurations vulnerabilities of websites. It helps website administrators and penetration testers to check whether the domains/urls they are targeting have insecure CORS policies. The correct configuration of CORS policy is critical to website security, but CORS configurations have many error-prone corner cases. Web developers who are not aware of these corner cases are likely to make mistakes. Thus, we summarize different common types of CORS misconfigurations and integrate them into this tool, to help developers/security-practitioners quickly locate and detect such security issues. Features Fast. It uses gevent instead of Python threads for concurrency, which is much faster for network scanning. Comprehensive. It covers all the common types of CORS misconfigurations we know. Flexible. It supports various self-define features (e.g. file output), which is helpful for large-scale scanning. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts