https://portswigger.net/web-security/cors
# CORS is a feature allowing access to resources hosted on different domains# If badly configured, it can allow cross-domain attacks like CSRF
# Corsy is an automated tool to discover potential CORS misconfiguration and issues
https://github.com/s0md3v/Corsy
# Usage
$ python3 corsy.py -u https://haax.fr
CORSY {v0.2-beta}[+] Misconfiguration found!
[!] Title: Wildcard value
[!] Description: This host allows requests made from any origin. However, browsers will block all requests to this host by default.
[!] Severity: Low
[!] Exploitation: Not possible