Hi.

Does the CORScanner tool support all the features of the "CORStest" tool?

What's the difference?

Thanks for the question.

This tool covers most of the CORS misconfiguration types in the CORStest tool, except for some types that are difficult to be exploited. You can find them in the misconfiguration types section of the README.md.

The tool is originally developed for my large-scale measurement research(scanned 97,199,966 subdomains). This tool is faster and supports more customized features, e.g., file output, self-defined headers.

@chenjj Very Thanks 👍