[addtool] CORStest

[gwen001]

[link]https://github.com/RUB-NDS/CORStest[/link] [short_descr]A simple CORS misconfiguration scanner.[/short_descr] [tags]vulnerabilities,cors,scanner[/tags] [long_descr]CORStest is a quick & dirty Python 3 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential vulnerabilities are detected by sending a certain Origin request header and checking for the Access-Control-Allow-Origin response header:

• Developer backdoor
• Origin reflection
• Null misconfiguration
• Pre-domain wildcard
• Post-domain wildcard
• Subdomains allowed
• Non-ssl sites allowed
• Invalid CORS header[/long_descr]

[gwen001]

Issue correctly handled, tool is waiting for human validation.

[gwen001]

Tool has been accepted: https://offsec.tools/tool/corstest

Thank you!