Skip to content

Commit

Permalink
Update test cases
Browse files Browse the repository at this point in the history
  • Loading branch information
@omranisecurity
omranisecurity committed Feb 22, 2025
1 parent 1c20bd2 commit fb6a7bf
Showing 1 changed file with 54 additions and 28 deletions.
82 changes: 54 additions & 28 deletions CorsOne.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,33 +33,59 @@ def scan(url, headers, output, no_color, rate_limit, method, stop_on_first, prox
url = unquote(url, encoding='utf-8')
origin = urlparse(url).netloc
bypass_dict = {
'Reflected Origin': 'attacker.com',
'Trusted Subdomains': 'subdomain.' + origin,
'Regexp bypass': origin + '.attacker.com',
'Reflected Origin': 'https://attacker.com',
'Breaking TLS': f'http://{origin}',
'Trusted Subdomains': f'https://subdomain.{origin}',
'Unencrypted Subdomains': f'http://subdomain.{origin}',
'Null Origin': 'Null',
'Breaking TLS': 'http://' + origin,
'Advance Regexp bypass 1': origin + ',.attacker.com',
'Advance Regexp bypass 2': origin + '&.attacker.com',
'Advance Regexp bypass 3': origin + "'.attacker.com",
'Advance Regexp bypass 4': origin + '".attacker.com',
'Advance Regexp bypass 5': origin + ';.attacker.com',
'Advance Regexp bypass 6': origin + '!.attacker.com',
'Advance Regexp bypass 7': origin + '$.attacker.com',
'Advance Regexp bypass 8': origin + '^.attacker.com',
'Advance Regexp bypass 9': origin + '*.attacker.com',
'Advance Regexp bypass 10': origin + '(.attacker.com',
'Advance Regexp bypass 11': origin + ').attacker.com',
'Advance Regexp bypass 12': origin + '+.attacker.com',
'Advance Regexp bypass 13': origin + '=.attacker.com',
'Advance Regexp bypass 14': origin + '`.attacker.com',
'Advance Regexp bypass 15': origin + '~.attacker.com',
'Advance Regexp bypass 16': origin + '-.attacker.com',
'Advance Regexp bypass 17': origin + '_.attacker.com',
'Advance Regexp bypass 18': origin + '=.attacker.com',
'Advance Regexp bypass 19': origin + '|.attacker.com',
'Advance Regexp bypass 20': origin + '{.attacker.com',
'Advance Regexp bypass 21': origin + '}.attacker.com',
'Advance Regexp bypass 22': origin + '%.attacker.com',
'Unencrypted domain ends allow': f'http://attacker{origin}',
'Domain ends allow': f'https://attacker{origin}',
'Unencrypted localhost regex implementation edge case': 'http://localhost.attacker.com/',
'Localhost regex implementation edge case': 'https://localhost.attacker.com/',
'Bypass 1': f'http://attacker.com.{origin}',
'Bypass 2': f'https://attacker.com.{origin}',
'Bypass 3': f'https://{origin}._.attacker.com',
'Bypass 4': f'https://{origin}.-.attacker.com',
'Bypass 5': f'https://{origin}.,.attacker.com',
'Bypass 6': f'https://{origin}.;.attacker.com',
'Bypass 7': f'https://{origin}.!.attacker.com',
"Bypass 8": f"https://{origin}.' .attacker.com",
'Bypass 9': f'https://{origin}".attacker.com',
'Bypass 10': f'https://{origin}.(.attacker.com',
'Bypass 11': f'https://{origin}.).attacker.com',
'Bypass 12': 'https://' + origin + '.{attacker.com',
'Bypass 13': 'https://' + origin + '.}attacker.com',
'Bypass 14': f'https://{origin}.*.attacker.com',
'Bypass 15': f'https://{origin}.&.attacker.com',
'Bypass 16': f'https://{origin}.`.attacker.com',
'Bypass 17': f'https://{origin}.+.attacker.com',
'Bypass 18': f'https://{origin}.attacker.com',
'Bypass 19': f'https://{origin}.=.attacker.com',
'Bypass 20': f'https://{origin}.~.attacker.com',
'Bypass 21': f'https://{origin}.$.attacker.com',
'Bypass 22': f'http://s{origin}/',
'Bypass 23': f'https://{origin.replace(".", "x")}',
'Advance Regexp bypass 1': f'{origin},.attacker.com',
'Advance Regexp bypass 2': f'{origin}&.attacker.com',
'Advance Regexp bypass 3': f"{origin}'.attacker.com",
'Advance Regexp bypass 4': f'{origin}".attacker.com',
'Advance Regexp bypass 5': f'{origin};.attacker.com',
'Advance Regexp bypass 6': f'{origin}!.attacker.com',
'Advance Regexp bypass 7': f'{origin}$.attacker.com',
'Advance Regexp bypass 8': f'{origin}^.attacker.com',
'Advance Regexp bypass 9': f'{origin}*.attacker.com',
'Advance Regexp bypass 10': f'{origin}(.attacker.com',
'Advance Regexp bypass 11': f'{origin}).attacker.com',
'Advance Regexp bypass 12': f'{origin}+.attacker.com',
'Advance Regexp bypass 13': f'{origin}=.attacker.com',
'Advance Regexp bypass 14': f'{origin}`.attacker.com',
'Advance Regexp bypass 15': f'{origin}~.attacker.com',
'Advance Regexp bypass 16': f'{origin}-.attacker.com',
'Advance Regexp bypass 17': f'{origin}_.attacker.com',
'Advance Regexp bypass 18': f'{origin}|.attacker.com',
'Advance Regexp bypass 19': 'https://' + origin + '.{.attacker.com',
'Advance Regexp bypass 19': 'https://' + origin + '.}.attacker.com',
'Advance Regexp bypass 21': f'{origin}%.attacker.com',
}

vulnerable_found = False
Expand Down Expand Up @@ -117,7 +143,7 @@ def validation(url):
sys.exit(1)

def main():
parser = argparse.ArgumentParser(prog='CorsOne', description='Fast CORS Misconfiguration Discovery Tool', epilog='Version: 0.9.5')
parser = argparse.ArgumentParser(prog='CorsOne', description='Fast CORS Misconfiguration Discovery Tool', epilog='Version: 0.9.6')
parser.add_argument('-u', '--url', type=str, help="input target url to probe")
parser.add_argument('-l', '--list', help="input file list of URLs")
parser.add_argument('-sof', '--stop-on-first', action='store_true', help='stop testing after finding the first vulnerability')
Expand All @@ -139,7 +165,7 @@ def main():
method = args.method if args.method else "GET"

if args.version:
print("v0.9.5")
print("v0.9.6")
sys.exit(0)

# Check if both -u and -l are provided
Expand Down

0 comments on commit fb6a7bf

Please sign in to comment.