chenjj / corscanner Goto Github PK

Thanks for the useful package! One thing though:

> pip install cors

I think is somewhat misleading and probably confusing for package maintainers who include this package, because I’m not including CORS but a CORS scanner. So, could you please rename the package

from cors to corscanner such that:

> pip install corscanner

I think colored font is not supported that's causing this.

Hello,

When running CORScanner on a list with multiple subdomains - the following is being outputed:

2019-10-02 16:24:38 WARNING Found misconfiguration! -1
2019-10-02 16:24:38 WARNING Found misconfiguration! -1
2019-10-02 16:24:39 WARNING Found misconfiguration! -1
2019-10-02 16:24:39 WARNING Found misconfiguration! -1
2019-10-02 16:24:39 WARNING Found misconfiguration! -1

Any idea why is this happening?
Thanks

please help he how to resolve this issue ?

Traceback (most recent call last):
File "/usr/share/command-not-found/CommandNotFound/util.py", line 23, in crash_guard
callback()
File "/usr/lib/command-not-found", line 90, in main
cnf = CommandNotFound.CommandNotFound(options.data_dir)
File "/usr/share/command-not-found/CommandNotFound/CommandNotFound.py", line 79, in init
self.db = SqliteDatabase(dbpath)
File "/usr/share/command-not-found/CommandNotFound/db/db.py", line 12, in init
self.con = sqlite3.connect(filename)
sqlite3.OperationalError: unable to open database file

Hi.

Does the CORScanner tool support all the features of the "CORStest" tool?

What's the difference?

In the common/corscheck.py file, when the request is sent in the send_req method, the allow_redirects parameter is set to True. What are the considerations for this design? When detecting domain name A, if there is a redirection, I think the response from the first request should be used to determine whether the vulnerability exists, because after redirecting to domain B, the access-control-allow-origin parameter is set by domain B, it can no longer reflect the CORS status of the domain A.

Hi Jianjun,

Hope you're well. Using CORScanner on a big scope i realized that i have a lot of false positive on 404 pages returning a permissive CORS. What do you think to add the last response status code in the json result in order to let people filter on code 200 for example?

Have a nice day.

'Session' object has no attribute 'mount'
Finished CORS scanning...

Traceback (most recent call last):
File "cors_scan.py", line 6, in
from common.logger import Log
File "C:\..\..\CORScanner-master\common\logger.py", line 1, in
import fcntl
ImportError: No module named fcntl

https://github.com/saucer-man/CORScanner
saucer-man@3af8499
在网上看到了这个，有网友发现没有检测access-control-allow-origin为*的安全问题

Hi,

As i tested in portswigger lab - The result is wrong with trust_null.

2020-08-12 17:24:32 INFO Start checking trust_null for https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails

response_header={'access-control-allow-origin': 'null', 'access-control-allow-credentials': 'true', 'content-type': 'application/json; charset=utf-8', 'x-xss-protection': '0', 'content-encoding': 'gzip', 'connection': 'close', 'content-length': '98'}
=> vulnerable
2020-08-12 17:24:34 INFO nothing found for {url: https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails, origin: null, type: trust_null}
=> however nothing found

May you please have a look ?
Have a nice day ^^!

Hello,

First of all thanks for this tool. Dealing with bypasses i also used to test some developer third parties websites like jsfiddle, codepen, github, gitlab, etc.... as origin.

What do you think to add this functionality to your tool ?

Regards,

目标IP不直接可达时，需要走代理，希望增加指定代理服务器功能

python 3.9

In [1]: from CORScanner.cors_scan import cors_check
---------------------------------------------------------------------------
RuntimeError                              Traceback (most recent call last)
~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load(name, import_)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load_unlocked(name, import_)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _load_unlocked(spec)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap_external.py in exec_module(self, module)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _call_with_frames_removed(f, *args, **kwds)

~/anaconda3/envs/similarity_search_server/lib/python3.9/site-packages/CORScanner/cors_scan.py in <module>
     10 from common.logger import Log
---> 11 from common.corscheck import CORSCheck
     12 

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load(name, import_)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in __exit__(self, *args, **kwargs)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in release(self)

RuntimeError: cannot release un-acquired lock

During handling of the above exception, another exception occurred:

RuntimeError                              Traceback (most recent call last)
<ipython-input-1-9fd17dbd0daa> in <module>
----> 1 from CORScanner.cors_scan import cors_check

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in _find_and_load(name, import_)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in __exit__(self, *args, **kwargs)

~/anaconda3/envs/similarity_search_server/lib/python3.9/importlib/_bootstrap.py in release(self)

RuntimeError: cannot release un-acquired lock

The cors documentation conflates the words URL and origin. Everywhere the word URL appears in the documentation, the word origin should be understood.

I write about this in my blog post.

Why is the output from the site in question really empty

Much as I like the cors Python module, and I appreciate the careful dedication of its author, the huge banner violates a core principal of UNIX / Linux program design. I wish the author would remove it, or only generate it when a user elects to display it by providing a command-line option.

Expect the output of every program to become the input to another, as yet unknown, program.
Don't clutter output with extraneous information.

– Doug McIlroy, the inventor of UNIX pipes and one of the founders of the UNIX tradition, from which Linux has evolved.

Workaround

You can filter out the banner with the following code (might not work on macOS):

cors -u example.com  | sed -n '/^Starting/,$p'

I wrote about this in my blog.