CRLFuzz
A fast tool, written in Go, to scan for CRLF vulnerabilities
Changelog v1.4.1
0a8bcc8 Merge pull request #13 from dwisiswant0/dependabot/github_actions/peter-evans/create-pull-request-v3.5.1
391db38 ⬆️ Bump peter-evans/create-pull-request from v3.5.0 to v3.5.1
ae45136 Merge pull request #12 from dwisiswant0/dependabot/github_actions/peter-evans/create-pull-request-v3.5.0
b65aef5 ⬆️ Bump peter-evans/create-pull-request from v2 to v3.5.0
2301c3e Merge pull request #11 from dwisiswant0/dependabot/github_actions/golangci/golangci-lint-action-v2.3.0
4842319 ⬆️ Bump golangci/golangci-lint-action from v2.2.1 to v2.3.0
fdec043 Merge pull request #9 from dwisiswant0/dependabot/github_actions/golangci/golangci-lint-action-v2.2.1
e8efdde ⬆️ Bump golangci/golangci-lint-action from v2.2.0 to v2.2.1
62d7bf7 Merge pull request #8 from dwisiswant0/lgtm
83a5587 🚨 disabled-certificate-check
d3faa1f 🚨 LGTM alerts
996d71f ✏️ Update installer script
67f7449 Merge pull request #6 from dwisiswant0/development
8f8275f Merge pull request #5 from dwisiswant0/development
Usage
Basic Usage
Simply, CRLFuzz can be run with:
▶ crlfuzz -u "http://target"
Flags
▶ crlfuzz -h
This will display help for the tool. Here are all the switches it supports.
Flag | Description |
---|---|
-u, --url | Define single URL to fuzz |
-l, --list | Fuzz URLs within a file |
-X, --method | Specify request method to use (default: GET) |
-d, --data | Define request data |
-H, --header | Pass custom header to target |
-x, --proxy | Use a specified proxy to fuzz |
-c, --concurrent | Set the concurrency level (default: 20) |
-s, --silent | Silent mode |
-v, --verbose | Verbose mode |
-V, --version | Show current CRLFuzz version |
-h, --help | Display its help |
Target
You can define a target in 3 ways:
Single URL
▶ crlfuzz -u "http://target"
URLs from list
▶ crlfuzz -l /path/to/urls.txt
From stdin
In case you want to chain with other tools.
▶ subfinder -d target -silent | httpx -silent | crlfuzz
Method
By default, CRLFuzz makes requests with the GET method. If you want to change it, you can use the -X flag.
▶ crlfuzz -u "http://target" -X "GET"
Data
If you want to send request data using POST, DELETE, PATCH or other methods, you just need to use the -d flag.
▶ crlfuzz -u "http://target" -X "POST" -d "data=body"
Adding Headers
You may want to use custom headers to add cookies or other header parts.
▶ crlfuzz -u "http://target" -H "Cookie: ..." -H "User-Agent: ..."
Using Proxy
To use a proxy, pass a proxy string with the -x flag. The string can be given a protocol:// prefix to specify alternative proxy protocols.
▶ crlfuzz -u "http://target" -x http://127.0.0.1:8080
Concurrency
Concurrency is the number of fuzzing tasks run at the same time. The default value CRLFuzz provides is 20; you can change it with the -c flag.
▶ crlfuzz -l /path/to/urls.txt -c 25
Silent
If you activate silent mode with the -s flag, you will only see vulnerable targets.
▶ crlfuzz -l /path/to/urls.txt -s | tee vuln-urls.txt
Verbose
Unlike silent mode, verbose mode (the -v flag) displays error details when an error occurs.
▶ crlfuzz -l /path/to/urls.txt -v
Version
Display the current version of CRLFuzz with the -V flag.
▶ crlfuzz -V
Library
You can use CRLFuzz as a library.
Download
Copyright (c) 2020 dwisiswant0