rub-nds / corstest Goto Github PK
View Code? Open in Web Editor NEWA simple CORS misconfiguration scanner
Home Page: http://web-in-security.blogspot.de/2017/07/cors-misconfigurations-on-large-scale.html
License: GNU General Public License v2.0
A simple CORS misconfiguration scanner
Home Page: http://web-in-security.blogspot.de/2017/07/cors-misconfigurations-on-large-scale.html
License: GNU General Public License v2.0
Added to Blackarch: BlackArch/blackarch#1726
Feel free to change or inform me if any changes are needed.
Am getting below error, can you please help to resolve?
OS:Win 7
Traceback (most recent call last):
File "C:\Users\kandasam\CORStest\corstest.py", line 112, in
main()
File "C:\Users\kandasam\CORStest\corstest.py", line 31, in main
try: pool.map_async(check, urls).get(2**32)
File "C:\Users\kandasam.windows-build-tools\python27\lib\multiprocessing\pool.py", line 567, in get
raise self._value
NameError: global name 'args' is not defined
Hi, I'm wondering if you will be upgrading the tool soon.
As you might be aware, all linux distributions removing python2 starting from this year.
So we (Pentoo) have no choice but to remove all packages which support python2 only.
when user run it as
python corstest.py -q domain.com
then it is showing an error -
File "corstest.py", line 26
except (IOError, ValueError) as e: print e; return
^
despite the importance of the tool and it's purpose ( I really appreciate it ) but the results was not promising in some situation, for example on trying the tool
the result was as above and the cause was presented 0a7600c1033c1375c0b5ac1800ae0002.web-security-academy.net/my-account - Not vulnerable: Access-Control-Allow-Origin header not present
while I (the solution OC) just added the Origin: hello.com
header to detect it
I suggest with โค U may add the header automatically if not presented in the original request that could increase the chance to detect the Vulnerability .
I want to test it on my router ...
What are the required steps ?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.