Vulnerability Analysis

CorsMe – Cross Origin Resource Sharing MisConfiguration Scanner

CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner


A Misconfiguration Scanner cors misconfiguration scanner tool based on golang with speed and precision in mind !

Misconfiguration type this scanner can check for

  • Reflect Origin checks
  • Prefix Match
  • Suffix Match
  • Not Esacped Dots
  • Null
  • ThirdParties (Like =>, etc.)
  • SpecialChars (Like => “}”,”(“, etc.)

How to Install

$ go get -u

Single Url

echo "" | ./Corsme   

Multiple Url

cat http_https.txt | ./CorsMe -t 70  

Allow wildcard .. Now if Access-Control-Allow-Origin is * it will be printed

cat http_https.txt | ./CorsMe -t 70 --wildcard  

Add header if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...."  


cat subdomains.txt | ./httprobe -c 70 -p 80,443,8080,8081,8089 | tee http_https.txt  cat http_https.txt | ./CorsMe -t 70  



  • Scanner stores the error results as “error_requests.txt”… which contains hosts which cannot be requested

Idea for making this tools are taken from :


About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: