Corscan: Advanced CORS Vulnerability Detection Tool

Corscan is a tool designed to inspect and assess Cross-Origin Resource Sharing (CORS) headers for potential vulnerabilities. It supports single URL checks and batch processing from files.

Corscan user interface

Features

  • Check and analyze CORS headers for vulnerabilities.
  • The tool can be invoked as either crsn or corscan.
  • Customizable origin for CORS checks (default: https://evil.com).
  • Bypass mechanisms for custom origin checks.
  • Multi-threaded scanning for faster results (default: 20 threads).
  • Output formats: text or json.
  • Filter results to show only vulnerable entries.
  • Save output to a specified file.

Installation

Clone the repository:

 
git clone https://github.com/Angix-Black/Corscan.git
cd Corscan
python3 setup.py install

Usage

crsn [options]

Options:

-u, --url Target URL to check CORS headers
-f, --file File containing a list of URLs to check CORS headers
-r, --origin Custom origin to use for the CORS check (default: https://evil.com)
-t, --threads Number of threads to use for scanning (default: 20)
-o, --output File to save the output
--format Output format: text (default) or json
--filter Filter results to show only vulnerable entries
-h, --help Show this help message and exit

Examples

Here are some examples of how to use Corscan with the crsn command:

Check a single URL:

crsn -u https://example.com

Check a list of URLs from a file:

crsn -f urls.txt

Use a custom origin for CORS check:

crsn -u https://example.com -r https://myorigin.com

Use multiple threads for faster scanning:

crsn -f urls.txt -t 50

Save the output to a file:

crsn -f urls.txt -o result.txt

Output in JSON format:

crsn -f urls.txt --format json

Filter results to show only vulnerable entries:

crsn -f urls.txt --filter
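
What a header check of this kind evaluates can be shown with a short classifier that takes the Origin sent with the request and the response headers that came back. This is an added example, not Corscan's own code; the function name, finding labels, severity levels and sample headers are assumptions constructed for illustration.

```python
# Added illustration, not Corscan's implementation. Labels are assumptions.

def classify_cors(test_origin, headers):
    """Classify the CORS headers returned for a request that carried
    'Origin: <test_origin>'. Returns (finding, severity)."""
    # Header names are case-insensitive, so normalise them before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    # Browsers only honour the exact, case-sensitive value "true".
    creds = h.get("access-control-allow-credentials") == "true"

    if acao is None:
        return ("no-cors-headers", "none")
    if acao == "*":
        # Browsers will not expose a credentialed response when ACAO is "*",
        # so only data an anonymous client could already fetch is readable.
        return ("wildcard-origin", "low")
    if acao == "null":
        # Sandboxed iframes and some redirects send Origin: null,
        # so trusting it means trusting any site that can produce it.
        if creds:
            return ("null-origin-with-credentials", "high")
        return ("null-origin", "low")
    if acao == test_origin:
        # The server echoed an origin it has no reason to trust.
        if creds:
            return ("reflected-origin-with-credentials", "high")
        return ("reflected-origin", "low")
    # A fixed value that differs from the test origin: an allowlist entry.
    return ("fixed-allowlist", "none")


if __name__ == "__main__":
    origin = "https://evil.com"  # the tool's documented default test origin
    samples = [  # constructed response headers, not real scan output
        {"Access-Control-Allow-Origin": "https://evil.com",
         "Access-Control-Allow-Credentials": "true"},
        {"Access-Control-Allow-Origin": "*"},
        {"Access-Control-Allow-Origin": "https://app.example.com",
         "Access-Control-Allow-Credentials": "true"},
    ]
    for s in samples:
        print(classify_cors(origin, s))
```

The "high" findings are the ones to fix first: replace origin reflection with an exact-match allowlist and send Access-Control-Allow-Credentials only to origins on it.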

Source code:

https://github.com/Angix-Black/Corscan