Corsy

Corsy Agent Setup for scans for all known misconfigurations in CORS

Corsy Command

Using {{domain}} ReconNess replace {{domain}} for the subdomain.

python3 corsy.py -u https://{{domain}}

Click here to know more about Cursy

This Agent run in each subdomain.

Corsy Script

using ReconNess.Core.Models;
if (lineInput.Contains("Class:") || lineInput.Contains("Description:") || lineInput.Contains("Severity:") ||
lineInput.Contains("Exploitation:") || lineInput.Contains("ACAO Header:") || lineInput.Contains("ACAC Header:"))
{
return new ScriptOutput
{
Note = lineInput.Replace("-", "")
};
}
return new ScriptOutput();

Check the Readme on GitHub to know more about the Script.

Corsy Dockerfile Entry

# -------- Agents dependencies --------
# To allow run corsy inside the docker
RUN apt-get update && apt-get install -y git python3 python3-pip
RUN git clone https://github.com/s0md3v/Corsy.git
RUN cd Corsy && pip3 install -r requirements.txt
# -------- End Agents dependencies --------

Corsy Command for Docker

python3 /app/Corsy/corsy.py -u https://{{domain}}