Corscan is a tool designed to inspect and assess Cross-Origin Resource Sharing (CORS) headers for potential vulnerabilities. It supports single URL checks and batch processing from files.
This tool is for ethical hacking, legal, and educational use only. Any illegal use is strictly prohibited.
- Check and analyze CORS headers for vulnerabilities.
- You can run both crsn and corscan commands for enhanced flexibility.
- Customizable origin for CORS checks (default: https://evil.com).
- Bypass mechanisms for custom origin checks.
- Multi-threaded scanning for faster results (default: 20 threads).
- Output formats: text or json.
- Filter results to show only vulnerable entries.
- Save output to a specified file.
Clone the repository:
git clone https://github.com/Angix-Black/Corscan.git
cd Corscan
python3 setup.py install
crsn [options]
Options:
-u, --url Target URL to check CORS headers
-f, --file File containing a list of URLs to check CORS headers
-r, --origin Custom origin to use for the CORS check (default: https://evil.com)
-t, --threads Number of threads to use for scanning (default: 20)
-o, --output File to save the output
--format Output format: text (default) or json
--filter Filter results to show only vulnerable entries
-h, --help Show this help message and exit
Here are some examples of how to use the Corscan tool with the crsn command:
Check a single URL:
crsn -u https://example.com
Check a list of URLs from a file:
crsn -f urls.txt
Use a custom origin for CORS check:
crsn -u https://example.com -r https://myorigin.com
Use multiple threads for faster scanning:
crsn -f urls.txt -t 50
Save the output to a file:
crsn -f urls.txt -o result.txt
Output in JSON format:
crsn -f urls.txt --format json
Filter results to show only vulnerable entries:
crsn -f urls.txt --filter
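
To help read what a CORS check with a probe origin reports, the following added example (not Corscan's own code, and not necessarily the rules Corscan applies) classifies the response headers a server returns after a request carrying `Origin: https://evil.com`. The function name `assess_cors`, the severity labels and the sample responses are assumptions made for this illustration.

```python
def assess_cors(probe_origin, headers):
    """Classify response headers received after sending `Origin: probe_origin`.

    Returns (severity, reason). Header names are matched case-insensitively.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}

    if acao is None:
        return ("ok", "no Access-Control-Allow-Origin header returned")
    if acao == "*":
        if creds:
            # Browsers refuse this pair for credentialed requests.
            return ("low", "wildcard with credentials: rejected by browsers, "
                           "but the policy is broken")
        return ("info", "wildcard: any site can read unauthenticated responses")
    if acao == "null":
        return ("high" if creds else "medium",
                "'null' is allowed, and it is not a trustworthy origin")
    if acao == probe_origin:
        if creds:
            return ("high", "untrusted origin reflected with credentials")
        if "origin" not in vary:
            return ("medium", "origin reflected without Vary: Origin, so shared "
                              "caches may serve one origin's header to another")
        return ("medium", "untrusted origin reflected without credentials")
    return ("ok", "fixed value that does not match the probe origin")


# Constructed sample responses (not real scan output).
SAMPLES = {
    "reflect_creds": {"Access-Control-Allow-Origin": "https://evil.com",
                      "Access-Control-Allow-Credentials": "true"},
    "reflect_no_vary": {"access-control-allow-origin": "https://evil.com"},
    "wildcard": {"Access-Control-Allow-Origin": "*"},
    "allow_list": {"Access-Control-Allow-Origin": "https://app.example.com",
                   "Vary": "Origin"},
    "none": {"Content-Type": "application/json"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, *assess_cors("https://evil.com", hdrs))
```

The highest-priority finding to fix is an untrusted origin echoed back together with `Access-Control-Allow-Credentials: true`; the remedy is a server-side allow-list of exact origins.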