Corscan is an advanced tool that detects and analyzes CORS header vulnerabilities with built-in bypass attempts and multi-threaded scanning.
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
This tool is primarily used by security professionals and ethical hackers to identify and assess Cross-Origin Resource Sharing (CORS) misconfigurations and vulnerabilities in web applications. It supports both single URL checks and batch processing, enabling efficient security audits and automation of CORS security assessments.
This tool is intended strictly for ethical hacking, legal, and educational purposes only; unauthorized or illegal use is prohibited. Users should ensure they have permission to test target URLs to avoid legal issues. Multi-threaded scanning improves speed but may increase network load, so use responsibly.
git clone https://github.com/Angix-Black/Corscan.git
cd Corscan
python3 setup.py install
crsn -u https://example.com
    Check CORS headers for a single URL
crsn -f urls.txt
    Check CORS headers for a list of URLs from a file
crsn -u https://example.com -r https://myorigin.com
    Use a custom origin for the CORS check
crsn -f urls.txt -t 50
    Use multiple threads (50) for faster scanning of URLs from a file
crsn -f urls.txt -o result.txt
    Save the scan output to a specified file
crsn -f urls.txt --format json
    Output scan results in JSON format
crsn -f urls.txt --filter
    Filter results to show only vulnerable entries
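
What a CORS header check evaluates for a request sent with a chosen Origin (such as the custom origin passed with -r), as an added example: this is not Corscan's code, and the page does not describe the tool's internal checks. The function name, the finding labels and the sample headers are constructed for illustration.

```python
# Added example, not Corscan's code: offline assessment of one CORS response.

def assess_cors(sent_origin, response_headers, trusted_origins=()):
    """Classify the CORS headers returned for a request that carried
    'Origin: sent_origin'. Finding names are hypothetical labels."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {t.strip().lower() for t in h.get("vary", "").split(",")}
    if acao is None:
        return []  # no grant: the browser keeps cross-origin reads blocked
    findings, risky = [], False
    if acao == "*":
        # Browsers reject "*" on credentialed requests, so "*" plus
        # credentials is a broken policy rather than a credentialed grant.
        findings.append("wildcard-with-credentials" if creds else "wildcard-origin")
    elif acao == "null":
        # Sandboxed documents send "Origin: null", so this grant is broad.
        findings.append("null-origin-allowed")
        risky = True
    elif acao == sent_origin and sent_origin not in trusted_origins:
        findings.append("untrusted-origin-reflected")
        risky = True
    if acao == sent_origin and "origin" not in vary:
        # A per-request grant without "Vary: Origin" can be replayed by a
        # shared cache to a different origin.
        findings.append("missing-vary-origin")
    if risky and creds:
        findings.append("credentialed-reads-exposed")
    return findings

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "reflected": {"Access-Control-Allow-Origin": "https://myorigin.com",
                  "Access-Control-Allow-Credentials": "true"},
    "wildcard": {"access-control-allow-origin": "*"},
    "static": {"Access-Control-Allow-Origin": "https://app.example.com"},
}

def run_samples(origin="https://myorigin.com"):
    """Assess every constructed sample against the same sent Origin."""
    return {name: assess_cors(origin, hdrs) for name, hdrs in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

Passing the application's real front-end origins as trusted_origins keeps an intended allowlist match from being reported as a reflection.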