CRLFsuite : Fast CRLF Injection Scanning Tool

CRLFsuite is a fast tool specially designed to scan CRLF injection.

Installation

$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h

Features

✔️ Single URL scanning

✔️ Multiple URL scanning

✔️ WAF detection

✔️ XSS through CRLF injection

✔️ Stdin supported

✔️ GET & POST method supported

✔️ Concurrency

✔️ Powerful payloads (WAF evasion payloads are also included)

✔️ Fast and efficient scanning with negligible false-positive

Arguments

Argument	Discription
-u/–url	target URL
-i/–import-urls	Import targets from the file
-s/–stdin	Scan URLs from stdin
-o/–output	Path for output file
-m/–method	Request method (GET/POST)
-d/–data	POST data
-uA/–user-agent	Specify User-Agent
-To/–timeout	Connection timeout
-c/–cookies	Specify cookies
-v/–verify	Verify SSL cert.
-t/–threads	Number of concurrent threads
-sB/–skip-banner	Skip banner and args info
-sP/–show-payloads	Show all the available CRLF payloads

Usage

Single URL scanning:

$ crlfsuite -u “http://testphp.vulnweb.com”

Multiple URLs scanning:

$ crlfsuite -i targets.txt

from stdin:

$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s

Specifying cookies :

$ crlfsuite -u “http://testphp.vulnweb.com” –cookies “key=val; newkey=newval”

Using POST method:

$ crlfsuite -i targets.txt -m POST -d “key=val&newkey=newval”

Related

SSRFuzz : A Tool To Find Server Side Request Forgery Vulnerabilities, With CRLF Chaining Capabilities

March 14, 2021

In "Kali Linux"

WebCopilot – A Comprehensive Subdomain Enumeration And Bug Detection Tool

January 24, 2024

In "Cyber security"

Bashter : Web Crawler, Scanner & Analyser Framework

May 7, 2019

In "Kali Linux"

R K

Next COM-Hunter : COM Hijacking VOODOO »

Previous « Cybersecurity in No-Code platforms: Key Principles

Leave a Comment

Share

Published by

R K

Tags: CRLF InjectionCRLFsuite

4 years ago

Recent Posts

Linux

How to Use the Linux find Command to Locate Files Like a Pro

Managing files efficiently is a core skill for anyone working in Linux, whether you're a…

2 days ago

Linux

How to Check Open Ports in Linux Using netstat, ss, and lsof

Open ports act as communication endpoints between your Linux system and the outside world. Every…

2 days ago

Cyber security

Best Endpoint Monitoring Tools for 2026

Introduction In today’s cyber threat landscape, protecting endpoints such as computers, smartphones, and tablets from…

4 days ago

Cyber security

Best 9 Incident Response Automation Tools

Introduction In today's fast-paced cybersecurity landscape, incident response is critical to protecting businesses from cyberattacks.…

4 days ago

Cyber security

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

2 months ago

TECH

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

3 months ago

L