theoffsecgirl/corskit
GitHub: theoffsecgirl/corskit
A zero-dependency, browser-based CORS misconfiguration detector for quickly finding improper cross-origin policies.
# corskit
**CORS misconfiguration tester — offensive web tool**




*by [theoffsecgirl](https://github.com/theoffsecgirl)*
## What does it do?
Web tool (pure HTML + JavaScript, no dependencies) to detect CORS misconfigurations in web endpoints. Allows testing a single endpoint, running an automatic scan of pre-generated origins, and visualizing results with severity classification.
## Features
- Manual test per individual origin
- **Auto-scan**: tests all auto-generated origins at once
- Misconfiguration detection with severity: `critical` / `high` / `info`
- Generated origins: subdomains, wildcard TLD, bypass chars (`%60`, `..`), `null`, `data:`, `file://`
- Configurable method: `GET`, `POST`, `PUT`, `DELETE`, `OPTIONS`
- Export results as `corskit_{timestamp}.txt`
- No external dependencies — open directly in browser
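
One way to map the CORS response headers from a single probe onto the `critical` / `high` / `info` levels listed above. This is an added example, not corskit's own code: the severity rules, the function names and the sample origins are assumptions.

```javascript
// Added example: the severity rules are assumptions, not corskit's own logic.
// sentOrigin must be an origin the server has no reason to trust.
function classifyCors(sentOrigin, headers) {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const acao = h['access-control-allow-origin'];
  // Browsers honour only the exact, case-sensitive value "true".
  const creds = h['access-control-allow-credentials'] === 'true';
  const varyOrigin = (h['vary'] || '').toLowerCase().split(',')
    .map((s) => s.trim()).includes('origin');
  if (!acao) return { severity: 'none', reason: 'no Access-Control-Allow-Origin returned' };
  if (acao === '*') {
    // Browsers reject "*" on credentialed requests, so only unauthenticated data is readable.
    return { severity: 'info', reason: 'wildcard origin without usable credentials' };
  }
  if (acao !== sentOrigin) {
    return { severity: 'none', reason: 'fixed origin that does not match the probe' };
  }
  const result = creds
    ? { severity: 'critical', reason: 'untrusted origin reflected with credentials allowed' }
    : { severity: 'high', reason: 'untrusted origin reflected, credentials not allowed' };
  // A per-origin ACAO without "Vary: Origin" can be replayed by a shared cache to other origins.
  if (!varyOrigin) result.note = 'response lacks Vary: Origin';
  return result;
}

// Constructed sample probes (hypothetical origins and responses).
const SAMPLE_PROBES = [
  { origin: 'https://untrusted.example',
    headers: { 'Access-Control-Allow-Origin': 'https://untrusted.example',
               'Access-Control-Allow-Credentials': 'true', 'Vary': 'Origin' } },
  { origin: 'null', headers: { 'access-control-allow-origin': 'null' } },
  { origin: 'https://untrusted.example',
    headers: { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Credentials': 'true' } },
  { origin: 'https://untrusted.example',
    headers: { 'Access-Control-Allow-Origin': 'https://app.example', 'Vary': 'Origin' } },
];

function classifyAll(probes) {
  return probes.map((p) => ({ origin: p.origin, ...classifyCors(p.origin, p.headers) }));
}

console.log(classifyAll(SAMPLE_PROBES));
```

A `critical` or `high` result on your own endpoint means the server echoes the request's `Origin` instead of comparing it against an exact allowlist.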
## Usage
### Option 1 — Open directly
```
git clone https://github.com/theoffsecgirl/corskit.git
cd corskit
open cors_toolkit.html # macOS
xdg-open cors_toolkit.html # Linux
```
### Option 2 — Local server (avoids the browser's own CORS restrictions)
```
python3 -m http.server 8080
# Open: http://localhost:8080/cors_toolkit.html
```
## Main file
`cors_toolkit.html` — single file, fully self-contained.
## Ethical use
For bug bounty, labs and authorized audits only.
## License
MIT · [theoffsecgirl](https://theoffsecgirl.com)