forked from EdOverflow/megplus
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cors.sh
executable file
·51 lines (40 loc) · 1.25 KB
/
cors.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#!/bin/bash
urlsfile=$1
YELLOW='\033[0;33m'
END='\033[0m'
CORS=()
CREDS=()
if [ -z "$urlsfile" ]; then
echo "Usage: $0 <urlsfile>"
exit 1
fi
function checkacao {
local url=$1
local origin=$2
curl -vs --max-time 9 "$url" -H"Origin: $origin" 2>&1 | grep -i "< Access-Control-Allow-Origin: $origin" &> /dev/null
}
function checkacac {
local url=$1
local origin=$2
curl -vs --max-time 9 "$url" -H"Origin: $origin" 2>&1 | grep -i "< Access-Control-Allow-Credentials: true" &> /dev/null
}
while read -r url; do
domain=$(echo "$url" | sed -E 's#https?://([^/]*)/?.*#\1#')
for origin in https://evil.com null https://$domain.evil.com https://${domain}evil.com; do
if checkacao "$url" "$origin"; then
CORS+=("$url might be vulnerable with origin '$origin'")
if checkacac "$url" "$origin"; then
CREDS+=("$url with origin '$origin' has Allow-Credentials: true")
fi
fi
sleep 2
done
done < $urlsfile
if [[ ${#CORS[@]} -gt 0 ]]; then
printf "${YELLOW}[i]${END} Potentially vulnerable targets:\\n"
printf '%s\n' "${CORS[@]}"
fi
if [[ ${#CREDS[@]} -gt 0 ]]; then
printf "${YELLOW}[i]${END} Has 'Allow-Credentials: true':\\n"
printf '%s\n' "${CREDS[@]}"
fi