CRLFsuite is a fast tool specially designed to scan CRLF injection
.
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
✔️ Single URL scanning
✔️ Multiple URL scanning
✔️ WAF detection
✔️ XSS through CRLF injection
✔️ Stdin supported
✔️ GET & POST method supported
✔️ Concurrency
✔️ Powerful payloads (WAF evasion payloads are also included)
✔️ Fast and efficient scanning with negligible false-positive
Single URL scanning:
$ crlfsuite -u "http://testphp.vulnweb.com"
Multiple URLs scanning:
$ crlfsuite -i targets.txt
from stdin:
$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s
Specifying cookies 🍪:
$ crlfsuite -u "http://testphp.vulnweb.com" --cookies "key=val; newkey=newval"
Using POST method:
$ crlfsuite -i targets.txt -m POST -d "key=val&newkey=newval"
If You're facing some errors or issues with this tool, you can open a issue here: