Might wanna add the dot misconfiguration. A lot of times companies will set regex for their CORS and not escape the "." character. As a result, things like http://testXtest.com will be accepted when the intent was to whitelist http://test.test.com
I just made my "Corsy" public 
It scans for all known misconfigurations in CORS implementations (currently 10+ checks).
Github: https://github.com/s0md3v/Corsy pic.twitter.com/0FH44M7kGb
-
-
-
I will add it asap, thanks
- Još 2 druga odgovora
Novi razgovor -
-
-
Thanks Sangwan!! whats your primary methodology for finding bugs in a web app?
-
Spend days doing recon, don't rush. Do everything, from the usual subdomain enumeration to reading their API documentation. After that, use their product, see what's up. Then make a checklist of components, not vulnerabilities.
Kraj razgovora
Novi razgovor -
-
-
People who can't google how to install a Python module don't deserve free code.
- Još 1 odgovor
Novi razgovor -
-
-
Hey! Without spelunking, what's your false positive rate like? I mean, is it generating signals for a human to review or are you gunning for actual automatic identification of vulns (exploitable misconfigs)?
-
The false positive rate is 0 unless there's a logic bug in here because it's a beta version.
- Još 3 druga odgovora
Novi razgovor -
-
-
Can you produce JSON output? Will be useful in integrating with other tools.
-
in the readme there is "Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later." ;)
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.