CRLFsuite is a fast tool specially designed to scan CRLF injection.
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
✔️ Single URL scanning
✔️ Multiple URL scanning
✔️ WAF detection
✔️ XSS through CRLF injection
✔️ Stdin supported
✔️ GET & POST method supported
✔️ Concurrency
✔️ Powerful payloads (WAF evasion payloads are also included)
✔️ Fast and efficient scanning with negligible false-positive
| Argument | Discription |
|---|---|
| -u/–url | target URL |
| -i/–import-urls | Import targets from the file |
| -s/–stdin | Scan URLs from stdin |
| -o/–output | Path for output file |
| -m/–method | Request method (GET/POST) |
| -d/–data | POST data |
| -uA/–user-agent | Specify User-Agent |
| -To/–timeout | Connection timeout |
| -c/–cookies | Specify cookies |
| -v/–verify | Verify SSL cert. |
| -t/–threads | Number of concurrent threads |
| -sB/–skip-banner | Skip banner and args info |
| -sP/–show-payloads | Show all the available CRLF payloads |
Single URL scanning:
$ crlfsuite -u “http://testphp.vulnweb.com”
Multiple URLs scanning:
$ crlfsuite -i targets.txt
from stdin:
$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s
Specifying cookies :
$ crlfsuite -u “http://testphp.vulnweb.com” –cookies “key=val; newkey=newval”
Using POST method:
$ crlfsuite -i targets.txt -m POST -d “key=val&newkey=newval”
Image credit:pexels.com If you think back to the early days of personal computing, you probably…
In an era defined by technological innovation, the way people handle and understand money has…
The online world becomes more visually driven with every passing year. Images spread across websites,…
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…