CRLFsuite v2.0 releases: Fast CRLF injection scanning tool
CRLFsuite
CRLFsuite is a fast tool specially designed to scan CRLF injection.
Features
✔️ Single URL scanning
✔️ Multiple URL scanning
✔️ Stdin supported
✔️ GET & POST method supported
✔️ Concurrency
✔️ Best Payloads list
✔️ Headers supported
✔️ Fast and efficient scanning with negligible false-positive
Changelog v2.0
✔️ WAF detection
✔️ XSS through CRLF injection scanning
✔️ Improved and fixed bugs in crlfscanner.py
✔️ Enhanced scanning techniques
Install
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
Use
Single URL scanning:
$ crlfsuite –u “http://testphp.vulnweb.com”
Multiple URLs scanning:
$ crlfsuite -i targets.txt
from stdin:
$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s
Specifying cookies 🍪:
$ crlfsuite –u “http://testphp.vulnweb.com” ––cookies “key=val; newkey=newval”
Using the POST method:
$ crlfsuite –i targets.txt –m POST –d “key=val&newkey=newval”
Copyright (c) 2022 Nefcore Security
Source: https://github.com/Nefcore/