Share
## https://sploitus.com/exploit?id=57344B7D-CE3A-57B3-B13D-92B5FE98FE9B
# CVE-2025-34291_cors_security_scanner
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.

````md id="zrxk1u"
# CORS Security Scanner

A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations.

This tool helps identify:
- Wildcard CORS policies (`*`)
- Arbitrary origin reflection
- Credentialed CORS misconfigurations
- Dangerous preflight (`OPTIONS`) behavior
- SameSite cookie issues

Designed for:
- Authorized penetration testing
- Internal security assessments
- Bug bounty programs
- Defensive security research

---

# Features

- Single target scanning
- Bulk target scanning via TXT file
- Multi-threaded scanning
- XLSX report export
- JSON report export
- Preflight request analysis
- Multiple endpoint/path testing
- Severity classification
- Colored console output

---

# Installation

Clone repository:

```bash
git clone https://github.com/amnnrth/CVE-2025-34291_cors_security_scanner.git
cd CVE-2025-34291_cors_security_scanner
````

Install dependencies:

```bash
pip install -r requirements.txt
```

---

# Usage

Run scanner:

```bash
python3 cors_scanner.py
```

---

# Bulk Scan Example

Create `targets.txt`

```txt
https://example.com
https://api.example.com
target.com
```

Select:

```txt
2. Bulk Scan (TXT File)
```

Reports will automatically be saved into:

```txt
reports/
```

---

# Severity Levels

| Severity | Description                          |
| -------- | ------------------------------------ |
| INFO     | No dangerous behavior detected       |
| MEDIUM   | Wildcard origin allowed              |
| HIGH     | Origin reflection detected           |
| CRITICAL | Reflection/wildcard with credentials |
| ERROR    | Connection or SSL issue              |

---

# Example Vulnerable Headers

```http
Access-Control-Allow-Origin: *
```

```http
Access-Control-Allow-Origin: https://evil.com
Access-Control-Allow-Credentials: true
```

---

# Legal Disclaimer

This tool is intended ONLY for authorized security testing and defensive security research.

Unauthorized scanning against systems without permission may violate laws and regulations.

Users are responsible for complying with applicable laws and policies.

---

# Author

Security research & defensive tooling project for improving web application security awareness.

````

Simple repository description:

```txt id="wcruhf"
Python-based CORS misconfiguration scanner for authorized security testing with XLSX/JSON reporting support.
````