Corscan is a tool designed to inspect and assess Cross-Origin Resource Sharing (CORS) headers for potential vulnerabilities. It supports single URL checks and batch processing from files.
- Check and analyze CORS headers for vulnerabilities.
- You can run both
crsnandcorscancommands for enhanced flexibility. - Customizable origin for CORS checks (default:
https://evil.com). - Bypass mechanisms for custom origin checks.
- Multi-threaded scanning for faster results (default:
20threads). - Output formats:
textorjson. - Filter results to show only vulnerable entries.
- Save output to a specified file.
Clone the repository:
git clone https://github.com/Angix-Black/Corscan.git
cd Corscan
python3 setup.py install
crsn [options]
Options:
-u, --url Target URL to check CORS headers
-f, --file File containing a list of URLs to check CORS headers
-r, --origin Custom origin to use for the CORS check (default: https://evil.com)
-t, --threads Number of threads to use for scanning (default: 20)
-o, --output File to save the output
--format Output format: text (default) or json
--filter Filter results to show only vulnerable entries
-h, --help Show this help message and exit
Here are some examples of how to use the Croscan Tool with the crsn command:
Check a single URL:
crsn -u https://example.comCheck a list of URLs from a file:
crsn -f urls.txtUse a custom origin for CORS check:
crsn -u https://example.com -r https://myorigin.comUse multiple threads for faster scanning:
crsn -f urls.txt -t 50Save the output to a file:
crsn -f urls.txt -o result.txtOutput in JSON format:
crsn -f urls.txt --format jsonFilter results to show only vulnerable entries:
crsn -f urls.txt --filter