Update README.md

robotshell · web-flow · commit a564ea680c49 · 2020-03-31T21:16:04.000+02:00
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ Recon is an essential element of any penetration testing. This repository contai
 * [Assetfinder](https://github.com/tomnomnom/assetfinder)
 * [Subjack](https://github.com/haccer/subjack)
 * [httprobe](https://github.com/tomnomnom/httprobe)
+* [Corsy](https://github.com/s0md3v/Corsy)
 * [Aquatone](https://github.com/michenriksen/aquatone)
 * [curl](https://curl.haxx.se/)
 * [relative-url-extractor](https://github.com/jobertabma/relative-url-extractor)
@@ -37,15 +38,15 @@ Recon is an essential element of any penetration testing. This repository contai
 # How does it work?
 The script has 5 phases:
 
-1. Subdomain enumeration: Amass, Certsh.py, Github-subdomains.py, Gobuster DNS and Assetfinder tools are used to find the maximum possible number of subdomains. httprobe is used to probe for working http and https servers. Then Subjack is used to quickly check if it exists subdomains takeover. Finally, Aquatone takes screenshots of each subdomain.
+1. Subdomain enumeration: Amass, Certsh.py, Github-subdomains.py, Gobuster DNS and Assetfinder tools are used to find the maximum possible number of subdomains. httprobe is used to probe for working http and https servers. Then Subjack is used to quickly check if it exists subdomains takeover. Corsy tool is used to find CORS missconfigurations. Finally, Aquatone takes screenshots of each subdomain.
 
-2. Headers: curl is used to obtain the headers of each subdomain. 
+2. Javascript: relative-url-extractor and Jsearch.py are used to inspect the javascript files of each subdomain for endpoints and sensitive information.
 
-3. Javascript: relative-url-extractor and Jsearch.py are used to inspect the javascript files of each subdomain for endpoints and sensitive information.
+3. Directories and hidden files: Gobuster DIR is used to collect hidden files and directories through a dictionary. You can change the dictionary in the script configuration.
 
-4. Directories and hidden files: Gobuster DIR is used to collect hidden files and directories through a dictionary. You can change the dictionary in the script configuration.
+4. Nmap: Nmap is used to scan ports and services quiclky.
 
-5. Nmap: Nmap is used to scan ports and services quiclky.
+5. Headers: curl is used to obtain the headers of each subdomain. 
 
 ###  All the data generated in the different processes are saved in different files and directories in different formats.
 ![Example image](https://raw.githubusercontent.com/robotshell/magicRecon/master/example.png)
