Questions about tools
oldesec opened this issue · comments
oldesec commented
Hi.
Does the CORScanner tool support all the features of the "CORStest" tool?
What's the difference?
Jianjun Chen commented
Thanks for the question.
This tool covers most of the CORS misconfiguration types in the CORStest tool, except for some types that are difficult to be exploited. You can find them in the misconfiguration types section of the README.md.
The tool is originally developed for my large-scale measurement research(scanned 97,199,966 subdomains). This tool is faster and supports more customized features, e.g., file output, self-defined headers.