SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities. Why? I wanted to write a tool in Golang for concurrency I wanted to fuzz parameters for SSRF vulnerablities, as well as fuzz both paths and parameters for CRLF injections I was inspired by Orange’s work for chaining these types …
Tag Archives: CRLF
CRLFuzz : A Fast Tool To Scan CRLF Vulnerability Written In Go
CRLFuzz is a fast tool to scan CRLF vulnerability written in Go. Installation From Binary The installation is easy. You can download a prebuilt binary from releases page, unpack and run! or with curl -sSfL https://git.io/crlfuzz | sh -s — -b /usr/local/bin From Source If you have go1.13+ compiler installed and configured: GO111MODULE=on go get …
Continue reading “CRLFuzz : A Fast Tool To Scan CRLF Vulnerability Written In Go”
Injectus : CRLF & Open Redirect Fuzzer
Injectus is a simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. Design If we have the following URL: https://dubell.io/?param1=value1&url=value2¶m3=value3 For CRLF attacks, Injectus will inject every payload once into the value of one parameter, for every n parameters. For example, Injectus will create the following list with …