CORSniper is an advanced, next-generation CORS (Cross-Origin Resource Sharing) vulnerability scanner designed for penetration testers and security professionals. It detects misconfigurations and vulnerabilities in CORS implementations that could lead to data leaks, unauthorized access, or exploitation.
- Fast and Deep Scanning Modes: Choose between rapid scanning and comprehensive analysis.
- Threat Intelligence Integration: Uses an up-to-date vulnerability database to identify known issues.
- Exploit Proof-of-Concept (PoC) Generation: Automatically creates JavaScript-based PoCs for discovered vulnerabilities.
- Advanced Header Analysis: Detects reflected origins, wildcard misconfigurations, and dangerous methods.
- Customizable Payloads: Uses a diverse set of payloads to simulate real-world attacks.
- HTML, JSON, and Text Reporting: Generates detailed reports for further analysis.
Ensure you have Python 3.10+ installed. Install dependencies with:
pip install -r requirements.txt
Scan a single target with default settings:
python corsniper.py -t https://example.com
Perform a deep scan with a custom origin and output format:
python corsniper.py -t https://example.com -o "https://attacker.com" -m deep -O json
Scan multiple targets from a file:
python corsniper.py -t urls.txt
Keep the vulnerability database updated:
python corsniper.py --update
[+] Scanning https://example.com
[*] Testing CORS misconfiguration...
[!] Vulnerable: Reflected Origin Detected
[*] Exploit PoC Generated: report.html
- Sends HTTP requests with different Origin headers.
- Analyzes responses for CORS misconfigurations.
- Checks against a vulnerability database.
- Generates PoC scripts for exploitation.
- Wildcard with Credentials: Access-Control-Allow-Origin: * with Access-Control-Allow-Credentials: true.
- Reflected Origins: When the server reflects any requested origin.
- Null Origin Policy Bypass: Accepting Origin: null.
- Overly Permissive Methods: Accepting PUT, DELETE, or PATCH.
- Insecure Allowed Headers: Sensitive headers exposed via Access-Control-Allow-Headers.
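The five checks listed above can be expressed as a small classifier over one response's headers, which is useful for auditing your own services. This is an added example, not CORSniper's code: the function name, finding labels, the SENSITIVE_HEADERS set and the sample responses are assumptions made for illustration, and the probe origin is assumed to be one the server has no reason to trust.

```python
RISKY_METHODS = {"PUT", "DELETE", "PATCH"}           # methods named in the list above
SENSITIVE_HEADERS = {"authorization", "x-api-key"}   # assumption: illustrative set

def _tokens(value):
    """Split a comma-separated header value into trimmed tokens."""
    return [t.strip() for t in value.split(",") if t.strip()]

def classify_cors(sent_origin, headers):
    """Return sorted finding names for one response to a probe request.

    sent_origin is the Origin header the probe carried; headers is the
    response header dict (any key casing).
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings = set()
    if acao == "*" and creds:
        findings.add("wildcard-with-credentials")
    if acao == "null" and sent_origin == "null":
        findings.add("null-origin-accepted")
    elif acao not in ("", "*") and acao == sent_origin:
        findings.add("reflected-origin")
    methods = {m.upper() for m in _tokens(h.get("access-control-allow-methods", ""))}
    if methods & RISKY_METHODS:
        findings.add("permissive-methods")
    allowed = {x.lower() for x in _tokens(h.get("access-control-allow-headers", ""))}
    if allowed & SENSITIVE_HEADERS:
        findings.add("sensitive-allowed-headers")
    return sorted(findings)

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("https://probe.example", {"Access-Control-Allow-Origin": "https://probe.example",
                               "Access-Control-Allow-Credentials": "true"}),
    ("null", {"access-control-allow-origin": "null"}),
    ("https://probe.example", {"Access-Control-Allow-Origin": "*",
                               "Access-Control-Allow-Credentials": "true",
                               "Access-Control-Allow-Methods": "GET, PUT, delete"}),
    ("https://probe.example", {"Access-Control-Allow-Origin": "https://app.example",
                               "Access-Control-Allow-Methods": "GET, POST"}),
]

if __name__ == "__main__":
    for origin, hdrs in SAMPLES:
        print(origin, "->", classify_cors(origin, hdrs) or ["no findings"])
```

Browsers refuse to expose a credentialed response when Access-Control-Allow-Origin is *, so the wildcard-with-credentials finding marks a broken policy to fix, while a reflected origin combined with credentials is the case that exposes authenticated data.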
- Add automatic exploitation modules.
- Expand threat intelligence sources.
- Implement real-time monitoring.
This tool is for educational and authorized security testing purposes only. Unauthorized use against systems without explicit permission is illegal.
CORSniper is released under the MIT License.
CORSniper provides multiple scanning options, allowing users to test for CORS misconfigurations efficiently. Below are different ways to use the tool.
To scan a single website with the default settings, run:
python corsniper.py -t https://example.com
- -t https://example.com specifies the target URL to test.
- By default, CORSniper will send requests with the origin set to https://evil.com to check for vulnerabilities.
- The results will be displayed in the terminal.
For a more in-depth analysis, users can specify additional parameters:
python corsniper.py -t https://example.com -o "https://attacker.com" -m deep -O json
- -o "https://attacker.com": Sets a custom origin header instead of the default https://evil.com.
- -m deep: Enables deep scanning mode, which tests multiple HTTP methods (GET, POST, PUT, DELETE, etc.), increasing detection accuracy.
- -O json: Outputs results in JSON format for easier integration with other tools.
If you need to scan multiple targets, create a text file (urls.txt) with each target on a new line:
https://site1.com
https://site2.com
https://site3.com
Then, run:
python corsniper.py -t urls.txt
- This tells CORSniper to read the file and scan each target sequentially.
- The results will be presented in the terminal or saved in the specified output format.
CORSniper maintains an internal vulnerability database to enhance detection accuracy. To update this database:
python corsniper.py --update
- This fetches the latest threat intelligence from online sources.
- This ensures the scanner detects newly discovered CORS misconfigurations.