YogSec edited this page Feb 16, 2025 · 2 revisions

CorsScan Wiki

Overview

CorsScan is a Bash script that detects Cross-Origin Resource Sharing (CORS) misconfigurations in web applications. A misconfigured CORS policy can expose sensitive data to other origins and lead to unauthorized access. CorsScan helps developers and security researchers identify and mitigate such issues.

Why CORS Matters

Cross-Origin Resource Sharing (CORS) is the browser mechanism through which a server declares which other origins may read its responses, selectively relaxing the Same-Origin Policy (SOP). Misconfigurations can lead to:

  • Exposure of sensitive information to malicious origins.
  • Permitting unsafe HTTP methods (e.g., PUT, DELETE).
  • Bypassing the Same-Origin Policy (SOP).

CorsScan automates the detection of such vulnerabilities, saving time and reducing human error.

Key Features

  • Banner Display: User-friendly banner at script startup.
  • Concurrent Execution: Processes multiple URLs simultaneously for speed.
  • Comprehensive Checks: Analyzes various CORS misconfigurations.
  • Customizable: Easily adaptable to different testing scenarios.

What CorsScan Detects

  • Wildcard * in Access-Control-Allow-Origin header.
  • Reflection of Origin header in Access-Control-Allow-Origin.
  • Unsafe methods like PUT, DELETE in Access-Control-Allow-Methods.
  • Allowing all headers in Access-Control-Allow-Headers.
  • Misuse of credentials with Access-Control-Allow-Credentials: true.
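
As an added illustration (not CorsScan's own code), the sketch below applies the checks listed above to response headers that have already been captured, and separates the combinations by impact: a reflected origin together with credentials is the serious case, while a wildcard together with credentials is refused by browsers and indicates a broken policy rather than an exposed one. The function names, finding labels, probe origin and sample responses are assumptions constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: classify CORS response headers offline; nothing is sent on the network.
# header_value, cors_findings, the finding labels and the samples are constructed here.

header_value() {  # $1 = lowercase header name; stdin = raw response headers
  tr -d '\r' | awk -v n="$1:" 'tolower(substr($0, 1, length(n))) == n {
    v = substr($0, length(n) + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
    print v; exit }'
}

cors_findings() {  # $1 = untrusted Origin that was sent; $2 = raw response headers
  local origin="$1" headers="$2" acao acac acam acah creds=no
  acao=$(printf '%s\n' "$headers" | header_value access-control-allow-origin)
  acac=$(printf '%s\n' "$headers" | header_value access-control-allow-credentials)
  acam=$(printf '%s\n' "$headers" | header_value access-control-allow-methods)
  acah=$(printf '%s\n' "$headers" | header_value access-control-allow-headers)
  if [ "$acac" = "true" ]; then creds=yes; fi   # the value is case-sensitive

  if [ "$acao" = "*" ] && [ "$creds" = yes ]; then
    echo "wildcard-with-credentials"           # browsers reject this pair: broken config
  elif [ "$acao" = "*" ]; then
    echo "wildcard-origin"                     # any site may read non-credentialed responses
  elif [ -n "$acao" ] && [ "$acao" = "$origin" ] && [ "$creds" = yes ]; then
    echo "reflected-origin-with-credentials"   # any site may read authenticated responses
  elif [ -n "$acao" ] && [ "$acao" = "$origin" ]; then
    echo "reflected-origin"
  fi
  case ",$(printf '%s' "$acam" | tr -d ' ' | tr '[:lower:]' '[:upper:]')," in
    *,PUT,*|*,DELETE,*) echo "unsafe-methods" ;;
  esac
  if [ "$acah" = "*" ]; then echo "wildcard-headers"; fi
  return 0
}

# Constructed sample responses with CRLF line endings, as they appear on the wire.
PROBE_ORIGIN='https://probe.invalid'
RESP_REFLECT=$(printf 'HTTP/1.1 200 OK\r\naccess-control-allow-origin: https://probe.invalid\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Methods: GET, POST, DELETE\r\n')
RESP_WILDCARD=$(printf 'HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\n')
RESP_STRICT=$(printf 'HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://app.example.com\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\n')

report() { printf '%-9s %s\n' "$1" "$(cors_findings "$PROBE_ORIGIN" "$2" | paste -sd, -)"; }
report reflect  "$RESP_REFLECT"
report wildcard "$RESP_WILDCARD"
report strict   "$RESP_STRICT"
```

A reflected-origin finding is only meaningful when the Origin sent with the request is one the server has no reason to trust; an allowlisted origin echoed back is correct behaviour.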

Prerequisites

  • Bash (pre-installed on Linux and macOS systems).
  • curl command-line tool.

Installation

  1. Clone the repository:
    git clone https://github.com/YogSec/CorsScanner.git
    cd CorsScanner
  2. Make the script executable:
    chmod +x cors.sh

Usage

Display Help

    ./cors.sh -h

Output:

    ##########################################
    #              CorsScan                #
    #      CORS Vulnerability Scanner      #
    ##########################################
    Usage: ./cors.sh [OPTIONS]
    Options:
      -h          Show help section.
      -w <path>   Execute the code with the specified wordlist path.
      -s <file>   Save the output to the specified file.
      -v          Show script version.

Scan URLs

    ./cors.sh -w path/to/wordlist

Example:

    ./cors.sh -w urls.txt

Save Output to File

    ./cors.sh -w path/to/wordlist -s output.txt

Example:

    ./cors.sh -w urls.txt -s results.txt

Display Version

    ./cors.sh -v

Example Wordlist

    https://example.com
    https://test.com
    https://vulnerable.com

Sample Output

    https://vulnerable.com has CORS misconfiguration: wildcard (*) in Access-Control-Allow-Origin
    https://test.com reflects the origin in Access-Control-Allow-Origin
    https://example.com allows unsafe methods in Access-Control-Allow-Methods: DELETE
    https://vulnerable.com allows credentials with Access-Control-Allow-Credentials: true

Benefits

  • Enhanced Security: Quickly detects and addresses CORS issues.
  • Time-Efficient: Automates manual checks.
  • Scalability: Handles large URL lists.
  • Flexible: Easily modifiable for various needs.

About the Developer

Hi! I am Abhinav Singwal, a security researcher dedicated to helping the community secure their applications.

Support

If you find CorsScan helpful, consider supporting my work:

[Buy Me a Coffee](https://www.buymeacoffee.com/abhinavsingwal)

Thank you for your support! Together, we can build a safer web.