chenjj / corscanner
🎯 Fast CORS misconfiguration vulnerabilities scanner
Home Page: https://pypi.org/project/cors/
License: MIT License
Hi,
As I tested in the PortSwigger lab, the result is wrong with trust_null.
2020-08-12 17:24:32 INFO Start checking trust_null for https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails
response_header={'access-control-allow-origin': 'null', 'access-control-allow-credentials': 'true', 'content-type': 'application/json; charset=utf-8', 'x-xss-protection': '0', 'content-encoding': 'gzip', 'connection': 'close', 'content-length': '98'}
=> vulnerable
2020-08-12 17:24:34 INFO nothing found for {url: https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails, origin: null, type: trust_null}
=> however nothing found
Could you please have a look?
Have a nice day ^^!
Hello,
First of all, thanks for this tool. When dealing with bypasses, I also used to test some third-party developer websites like jsfiddle, codepen, github, gitlab, etc. as the origin.
What do you think about adding this functionality to your tool?
Regards,
Why is the output from the site in question really empty?
Hi.
Does the CORScanner tool support all the features of the "CORStest" tool?
What's the difference?
Hello,
When running CORScanner on a list with multiple subdomains, the following is being output:
2019-10-02 16:24:38 WARNING Found misconfiguration! -1
2019-10-02 16:24:38 WARNING Found misconfiguration! -1
2019-10-02 16:24:39 WARNING Found misconfiguration! -1
2019-10-02 16:24:39 WARNING Found misconfiguration! -1
2019-10-02 16:24:39 WARNING Found misconfiguration! -1
Any idea why this is happening?
Thanks
python 3.9
In [1]: from CORScanner.cors_scan import cors_check
---------------------------------------------------------------------------
RuntimeError Traceback (most recent call last)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load(name, import_)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load_unlocked(name, import_)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _load_unlocked(spec)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap_external.py in exec_module(self, module)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _call_with_frames_removed(f, *args, **kwds)
~/anaconda3/envs/similarity_search_server/lib/python3.9/site-packages/CORScanner/cors_scan.py in <module>
10 from common.logger import Log
---> 11 from common.corscheck import CORSCheck
12
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load(name, import_)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in __exit__(self, *args, **kwargs)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in release(self)
RuntimeError: cannot release un-acquired lock
During handling of the above exception, another exception occurred:
RuntimeError Traceback (most recent call last)
<ipython-input-1-9fd17dbd0daa> in <module>
----> 1 from CORScanner.cors_scan import cors_check
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load(name, import_)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in __exit__(self, *args, **kwargs)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in release(self)
RuntimeError: cannot release un-acquired lock
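When the target IP is not directly reachable, the scan has to go through a proxy. I hope an option to specify a proxy server can be added.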
Traceback (most recent call last):
File "cors_scan.py", line 6, in
from common.logger import Log
File "C:\..\..\CORScanner-master\common\logger.py", line 1, in
import fcntl
ImportError: No module named fcntl
https://github.com/saucer-man/CORScanner
saucer-man@3af8499
I saw this online: a user found that the security issue of access-control-allow-origin being * is not detected.
Hi Jianjun,
Hope you're well. Using CORScanner on a big scope, I realized that I have a lot of false positives on 404 pages returning a permissive CORS. What do you think about adding the last response status code to the JSON result in order to let people filter on code 200, for example?
Have a nice day.
Thanks for the useful package! One thing though:
> pip install cors
I think this is somewhat misleading and probably confusing for package maintainers who include this package, because I’m not including CORS but a CORS scanner. So, could you please rename the package (Line 6 in 332ca14) from cors to corscanner, such that:
> pip install corscanner
In the common/corscheck.py file, when the request is sent in the send_req method, the allow_redirects parameter is set to True. What are the considerations for this design? When detecting domain name A, if there is a redirection, I think the response from the first request should be used to determine whether the vulnerability exists, because after redirecting to domain B, the access-control-allow-origin parameter is set by domain B, and it can no longer reflect the CORS status of domain A.
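Added example, not part of the issue above and not CORScanner's own code: it contrasts judging only the final response of a followed redirect with judging each hop, and it records the status code so results can be filtered. The hop records, host names and verdict labels are constructed for illustration.

```python
from urllib.parse import urlsplit

def cors_verdict(origin, headers):
    """Classify one response's CORS headers against the Origin that was sent."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*":
        return "wildcard"  # browsers will not send credentials with "*"
    if acao is not None and acao == origin:
        return "reflect_origin_with_credentials" if creds else "reflect_origin"
    return None

def findings_per_hop(origin, hops):
    """hops: (url, status, headers) tuples in the order received, the same
    sequence requests exposes as resp.history + [resp]."""
    out = []
    for url, status, headers in hops:
        verdict = cors_verdict(origin, headers)
        if verdict:
            out.append({"host": urlsplit(url).hostname, "status": status, "type": verdict})
    return out

def finding_final_only(origin, requested_url, hops):
    """Followed-redirect view: judge the last response, label it with the requested URL."""
    _, status, headers = hops[-1]
    verdict = cors_verdict(origin, headers)
    if verdict is None:
        return None
    return {"host": urlsplit(requested_url).hostname, "status": status, "type": verdict}

# Constructed sample: a.example answers 302 with no CORS headers, and
# b.example reflects the Origin with credentials on a 200.
ORIGIN = "https://untrusted.example"
HOPS = [
    ("https://a.example/api", 302, {"Location": "https://b.example/api"}),
    ("https://b.example/api", 200, {
        "Access-Control-Allow-Origin": ORIGIN,
        "Access-Control-Allow-Credentials": "true",
    }),
]

if __name__ == "__main__":
    print("final only:", finding_final_only(ORIGIN, HOPS[0][0], HOPS))
    print("per hop:   ", findings_per_hop(ORIGIN, HOPS))
```

The final-only view labels the finding with a.example although only b.example emitted the permissive headers; the per-hop view attributes it to b.example and keeps the 200 status for filtering.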
Traceback (most recent call last):
File "/usr/share/command-not-found/CommandNotFound/util.py", line 23, in crash_guard
callback()
File "/usr/lib/command-not-found", line 90, in main
cnf = CommandNotFound.CommandNotFound(options.data_dir)
File "/usr/share/command-not-found/CommandNotFound/CommandNotFound.py", line 79, in init
self.db = SqliteDatabase(dbpath)
File "/usr/share/command-not-found/CommandNotFound/db/db.py", line 12, in init
self.con = sqlite3.connect(filename)
sqlite3.OperationalError: unable to open database file
'Session' object has no attribute 'mount'
Finished CORS scanning...
Much as I like the cors Python module, and I appreciate the careful dedication of its author, the huge banner violates a core principle of UNIX / Linux program design. I wish the author would remove it, or only generate it when a user elects to display it by providing a command-line option.
Expect the output of every program to become the input to another, as yet unknown, program.
Don't clutter output with extraneous information.
– Doug McIlroy, the inventor of UNIX pipes and one of the founders of the UNIX tradition, from which Linux has evolved.
You can filter out the banner with the following code (might not work on macOS):
cors -u example.com | sed -n '/^Starting/,$p'
I wrote about this in my blog.