CRLFsuite is a fast tool specially designed to scan CRLF injection.
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
✔️ Single URL scanning
✔️ Multiple URL scanning
✔️ WAF detection
✔️ XSS through CRLF injection
✔️ Stdin supported
✔️ GET & POST method supported
✔️ Concurrency
✔️ Powerful payloads (WAF evasion payloads are also included)
✔️ Fast and efficient scanning with negligible false-positive
| Argument | Discription |
|---|---|
| -u/–url | target URL |
| -i/–import-urls | Import targets from the file |
| -s/–stdin | Scan URLs from stdin |
| -o/–output | Path for output file |
| -m/–method | Request method (GET/POST) |
| -d/–data | POST data |
| -uA/–user-agent | Specify User-Agent |
| -To/–timeout | Connection timeout |
| -c/–cookies | Specify cookies |
| -v/–verify | Verify SSL cert. |
| -t/–threads | Number of concurrent threads |
| -sB/–skip-banner | Skip banner and args info |
| -sP/–show-payloads | Show all the available CRLF payloads |
Single URL scanning:
$ crlfsuite -u “http://testphp.vulnweb.com”
Multiple URLs scanning:
$ crlfsuite -i targets.txt
from stdin:
$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s
Specifying cookies :
$ crlfsuite -u “http://testphp.vulnweb.com” –cookies “key=val; newkey=newval”
Using POST method:
$ crlfsuite -i targets.txt -m POST -d “key=val&newkey=newval”
What Are Bash Comments? In Bash scripting, comments are notes in your code that the…
When you write a Bash script in Linux, you want it to run correctly every…
Introduction If you’re new to Bash scripting, one of the first skills you’ll need is…
What is Bash Scripting? Bash scripting allows you to save multiple Linux commands in a file and…
When it comes to automating tasks on Linux, Bash scripting is an essential skill for both beginners…
Learn how to create and use Bash functions with this complete tutorial. Includes syntax, arguments,…