Corscan is a tool designed to inspect and assess Cross-Origin Resource Sharing (CORS) headers for potential vulnerabilities. It supports single URL checks and batch processing from files.
- Check and analyze CORS headers for vulnerabilities.
- You can run both
crsnandcorscancommands for enhanced flexibility. - Customizable origin for CORS checks (default:
https://evil). - Bypass mechanisms for custom origin checks.
- Multi-threaded scanning for faster results (default:
20threads). - Output formats:
textorjson. - Filter results to show only vulnerable entries.
- Save output to a specified file.
Clone the repository:
git clone https://github /Angix-Black/Corscan.git
cdCorscan
Python 3 setup.py install
crsn [options]
Options:
-u, --urlTarget URL to check CORS headers
-f, --fileFile containing a list of URLs to check CORS headers
-r, --originCustom origin to use for the CORS check (default:https://evil)
-t, --threadsNumber of threads to use for scanning (default:20)
-o, --outputFile to save the output
--formatOutput format:text(default) orjson
--filterFilter results to show only vulnerable entries
-h, --helpShow this help message and exit
Here are some examples of how to use the Croscan Tool with thecrsncommand:
Check a single URL:
crsn -u https://exampleCheck a list of URLs from a file:
crsn -f urls.txtUse a custom origin for CORS check:
crsn -u https://example -r https://myoriginUse multiple threads for faster scanning:
crsn -f urls.txt -t 50Save the output to a file:
crsn -f urls.txt -o result.txtOutput in JSON format:
crsn -f urls.txt --format jsonFilter results to show only vulnerable entries:
crsn -f urls.txt --filter