Kali Linux

CRLFsuite : Fast CRLF Injection Scanning Tool

CRLFsuite is a fast tool specially designed to scan CRLF injection.

Installation

$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h

Features

✔️ Single URL scanning

✔️ Multiple URL scanning

✔️ WAF detection

✔️ XSS through CRLF injection

✔️ Stdin supported

✔️ GET & POST method supported

✔️ Concurrency

✔️ Powerful payloads (WAF evasion payloads are also included)

✔️ Fast and efficient scanning with negligible false-positive

Arguments

ArgumentDiscription
-u/–urltarget URL
-i/–import-urlsImport targets from the file
-s/–stdinScan URLs from stdin
-o/–outputPath for output file
-m/–methodRequest method (GET/POST)
-d/–dataPOST data
-uA/–user-agentSpecify User-Agent
-To/–timeoutConnection timeout
-c/–cookiesSpecify cookies
-v/–verifyVerify SSL cert.
-t/–threadsNumber of concurrent threads
-sB/–skip-bannerSkip banner and args info
-sP/–show-payloadsShow all the available CRLF payloads

Usage

Single URL scanning:

$ crlfsuite -u “http://testphp.vulnweb.com”

Multiple URLs scanning:

$ crlfsuite -i targets.txt

from stdin:

$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s

Specifying cookies :

$ crlfsuite -u “http://testphp.vulnweb.com” –cookies “key=val; newkey=newval”

Using POST method:

$ crlfsuite -i targets.txt -m POST -d “key=val&newkey=newval”

R K

Recent Posts

Upgrade to Ubuntu 20.04 LTS: Prepare, Update, and Confirm

Ubuntu 20.04 LTS (code name Focal Fossa) was released on April 23, 2020. It is a…

2 hours ago

Install Google Chrome on Ubuntu 20.04: Download and Setup Guide

Google Chrome is the most widely used web browser in the world. It is fast, secure,…

2 hours ago

Install Java on Ubuntu 20.04: OpenJDK 11, JDK 8, and JAVA_HOME

Java is one of the most widely used programming languages in the world. It runs on…

2 hours ago

Install Ubuntu on Raspberry Pi: Flash, Configure, and Boot

Raspberry Pi is the most popular single-board computer ever made. It is small, affordable, and surprisingly…

2 hours ago

Install pip on Ubuntu 20.04: Python 3, Python 2, and Usage Guide

pip is Python's package manager. It lets you search, download, and install packages from the Python Package…

3 hours ago

Install MySQL on Ubuntu 20.04: Setup, Security, and Root Access

MySQL is the most popular open-source relational database management system. It is fast, reliable, and a…

1 day ago