Corscan is a tool designed to inspect and assess Cross-Origin Resource Sharing (CORS) headers for potential vulnerabilities. It supports single URL checks and batch processing from files.

This tool is for ethical hacking, legal, and educational use only. Any illegal use is strictly prohibited.

• Check and analyze CORS headers for vulnerabilities.
• You can run both crsn and corscan commands for enhanced flexibility.
• Customizable origin for CORS checks (default: https://evil.com).
• Bypass mechanisms for custom origin checks.
• Multi-threaded scanning for faster results (default: 20 threads).
• Output formats: text or json.
• Filter results to show only vulnerable entries.
• Save output to a specified file.

Clone the repository:

 
 git clone https://github.com/Angix-Black/Corscan.git
 cd Corscan
 python3 setup.py install

crsn [options]

Options:
-u, --url Target URL to check CORS headers
-f, --file File containing a list of URLs to check CORS headers
-r, --origin Custom origin to use for the CORS check (default: https://evil.com)
-t, --threads Number of threads to use for scanning (default: 20)
-o, --output File to save the output
--format Output format: text (default) or json
--filter Filter results to show only vulnerable entries
-h, --help Show this help message and exit

Here are some examples of how to use the Croscan Tool with the crsn command:

Check a single URL:

 crsn -u https://example.com

Check a list of URLs from a file:

crsn -f urls.txt

Use a custom origin for CORS check:

crsn -u https://example.com -r https://myorigin.com

Use multiple threads for faster scanning:

crsn -f urls.txt  -t 50

Save the output to a file:

crsn -f urls.txt  -o result.txt

Output in JSON format:

crsn -f urls.txt  --format json

Filter results to show only vulnerable entries:

crsn -f urls.txt --filter