Share
## https://sploitus.com/exploit?id=57344B7D-CE3A-57B3-B13D-92B5FE98FE9B
# CVE-2025-34291_cors_security_scanner
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.
````md id="zrxk1u"
# CORS Security Scanner
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations.
This tool helps identify:
- Wildcard CORS policies (`*`)
- Arbitrary origin reflection
- Credentialed CORS misconfigurations
- Dangerous preflight (`OPTIONS`) behavior
- SameSite cookie issues
Designed for:
- Authorized penetration testing
- Internal security assessments
- Bug bounty programs
- Defensive security research
---
# Features
- Single target scanning
- Bulk target scanning via TXT file
- Multi-threaded scanning
- XLSX report export
- JSON report export
- Preflight request analysis
- Multiple endpoint/path testing
- Severity classification
- Colored console output
---
# Installation
Clone repository:
```bash
git clone https://github.com/amnnrth/CVE-2025-34291_cors_security_scanner.git
cd CVE-2025-34291_cors_security_scanner
````
Install dependencies:
```bash
pip install -r requirements.txt
```
---
# Usage
Run scanner:
```bash
python3 cors_scanner.py
```
---
# Bulk Scan Example
Create `targets.txt`
```txt
https://example.com
https://api.example.com
target.com
```
Select:
```txt
2. Bulk Scan (TXT File)
```
Reports will automatically be saved into:
```txt
reports/
```
---
# Severity Levels
| Severity | Description |
| -------- | ------------------------------------ |
| INFO | No dangerous behavior detected |
| MEDIUM | Wildcard origin allowed |
| HIGH | Origin reflection detected |
| CRITICAL | Reflection/wildcard with credentials |
| ERROR | Connection or SSL issue |
---
# Example Vulnerable Headers
```http
Access-Control-Allow-Origin: *
```
```http
Access-Control-Allow-Origin: https://evil.com
Access-Control-Allow-Credentials: true
```
---
# Legal Disclaimer
This tool is intended ONLY for authorized security testing and defensive security research.
Unauthorized scanning against systems without permission may violate laws and regulations.
Users are responsible for complying with applicable laws and policies.
---
# Author
Security research & defensive tooling project for improving web application security awareness.
````
Simple repository description:
```txt id="wcruhf"
Python-based CORS misconfiguration scanner for authorized security testing with XLSX/JSON reporting support.
````