CRLFsuite v2.5.2 releases: Fast CRLF injection scanning tool
CRLFsuite
CRLFsuite is a fast tool specially designed to scan CRLF injection.
Features
✔️ Single URL scanning
✔️ Multiple URL scanning
✔️ Stdin supported
✔️ GET & POST method supported
✔️ Concurrency
✔️ Best Payloads list
✔️ Headers supported
✔️ Fast and efficient scanning with negligible false-positive
Changelog v2.5.2
New arguments:
--delay--stable--headers-oN-oJ--resume--silent-sH-cL
New features:
- Json & Text ouput supported
- Multiple headers supported
- Verbose output supported
- Scan can be resumed after CTRL^C is pressed
- Added heuristic (basic) scanner
- Compatibility with windows
Enhancement
- Enhanced payload generator
- Enhanced exporter.py
- Enhanced scanner.py
- Enhanced WAF detector
- Enhanced main.py
Install
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
Use
Single URL scanning:
$ crlfsuite –u “http://testphp.vulnweb.com”
Multiple URLs scanning:
$ crlfsuite -i targets.txt
from stdin:
$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s
Specifying cookies 🍪:
$ crlfsuite –u “http://testphp.vulnweb.com” ––cookies “key=val; newkey=newval”
Using the POST method:
$ crlfsuite –i targets.txt –m POST –d “key=val&newkey=newval”
Copyright (c) 2022 Nefcore Security
Source: https://github.com/Nefcore/
