s0md3v/Corsy

Stars
1,335
Rank 35,213 (Top 0.7 %)
Language
Python
License
GNU General Publi...
Created almost 5 years ago
Updated about 2 years ago

s0md3v/Corsy

s0md3v

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

CORS Misconfiguration Scanner

Corsy

CORS Misconfiguration Scanner

Introduction

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Requirements

Corsy only works with Python 3 and has just one dependency:

requests

To install this dependency, navigate to Corsy directory and execute pip3 install requests

Usage

Using Corsy is pretty simple

python3 corsy.py -u https://example.com

Scan URLs from a file

python3 corsy.py -i /path/urls.txt

Scan URLs from stdin

cat urls.txt | python3 corsy.py

Number of threads

python3 corsy.py -u https://example.com -t 20

Delay between requests

python3 corsy.py -u https://example.com -d 2

Export results to JSON

python3 corsy.py -i /path/urls.txt -o /path/output.json

Custom HTTP headers

python3 corsy.py -u https://example.com --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"

Skip printing tips

-q can be used to skip printing of description, severity, exploitation fields in the output.

Tests implemented

Pre-domain bypass
Post-domain bypass
Backtick bypass
Null origin bypass
Unescaped dot bypass
Underscore bypass
Invalid value
Wild card value
Origin reflection test
Third party allowance test
HTTP allowance test

roop

one-click face swap

XSStrike

Most advanced XSS scanner.

Photon

Incredibly fast crawler designed for OSINT.

Arjun

HTTP parameter discovery suite.

AwesomeXSS

Awesome XSS stuff

sd-webui-roop

roop extension for StableDiffusion web-ui

Smap

a drop-in replacement for Nmap powered by shodan.io

Striker

Striker is an offensive information and vulnerability scanner.

be-a-hacker

roadmap for a self-taught hacker

ReconDog

Reconnaissance Swiss Army Knife

Hash-Buster

Crack hashes in seconds.

huepy

Print awesomely in terminals.

uro

declutters url lists for crawling/pentesting

Silver

Mass scan IPs for vulnerable services

Decodify

Detect and decode encoded strings, recursively.

Diggy

Extract endpoints from apk files.

Blazy

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

Breacher

An advanced multithreaded admin panel finder written in python.

ote

Generate Email, Register for anything, Get the OTP/Link

goop

Google Search Scraper

Parth

Heuristic Vulnerable Parameter Scanner

Zen

Find emails of Github users

Bolt

Orbit

Blockchain Transactions Investigation Tool

JShell

JShell - Get a JavaScript shell with XSS.

MyPapers

Repository for hosting my research papers

Cloak

Cloak can backdoor any python script with some tricks.

nano

Nano is a family of PHP web shells which are code golfed for stealth.

sqlmate

A friend of SQLmap which will do what you always expected from SQLmap.

SubGPT

Find subdomains with GPT, for free

dump

Stuff that doesn't deserves its own repository.

hardcodes

find hardcoded strings from source code

Quark

Quark is a data visualization framework.

proxify

A python module for dumping usable proxies.

Predator

Anti-Automation System

Shiva

Improved DOS exploit for wordpress websites (CVE-2018-6389)

velocity

DNS caching for humans

ifnude

nudity detector that works

zetanize

HTML form parser for humans.

rewise

Google auto-complete wrapper

Locky

Locky generates "really" strong yet easy to remember passwords.

Entropy

Entropy is a (prototype) WAF driven by maths.

meta

Explains and tests HTTP response headers

fonetic-go

golang implementation of fonetic (https://github.com/s0md3v/fonetic)

fonetic

assess pronounciblity of text

shades

wl

convert case style of words

s0md3v.github.io

my personal blog

s0md3v

dishtance

.github

my default .github files

BG3-Mutant

Mod for Baldur's Gate 3 that adds a Mutant class to the game.