cyberneticlibrary

Hunt CORS misconfiguration exploits

hunt-cors · skill · setup · L11,791
elementalsouls/Claude-BugHunter
What it does

Hunt CORS Misconfiguration — origin-reflection with credentials,

Best for

Use to hunt CORS misconfiguration: origin reflection with credentials, null-origin trust, subdomain-regex bypass (unanchored vs unescaped-dot vs prefix-only), preflight (OPTIONS) gating bypass, and postMessage origin checks. Rate a finding High only when an attacker-controlled origin can perform a credentialed cross-origin read of sensitive data and you have proven it in a browser. Use when testing API endpoints, SPAs, or any app emitting Access-Control-* headers.

Inputs
  • target
  • test vectors
  • payloads
Outputs
  • vulnerability report
  • PoC code
  • impact assessment
Requires
  • curl
  • HTTP client
Preconditions

Required dependencies and environment setup — see body for details

Failure modes

See documentation for known limitations and edge cases

Trust signals
  • Skill: skill
  • Repository: elementalsouls/Claude-BugHunter