CRLFsuite – Fast CRLF Injection Scanning Tool

June 4, 2022

CRLFsuite is a fast tool specially designed to scan CRLF injection.


Installation

$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h

Features

  • Single URL scanning
  • Multiple URL scanning
  • Stdin supported
  • GET & POST method supported
  • Concurrency
  • Best Payloads list
  • Headers supported
  • Fast and efficient scanning with negligible false-positive

Usage

Single URL scanning:

$ crlfsuite -u "http://testphp.vulnweb.com"

Multiple URLs scanning:

$ crlfsuite -i targets.txt

from stdin:

$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s

Specifying cookies

: 

$ crlfsuite -u "http://testphp.vulnweb.com" --cookies "key=val; newkey=newval"

Using POST method:

$ crlfsuite -i targets.txt -m POST -d "key=val&newkey=newval"

Bug report

If You’re facing some errors or issues with this tool, you can open a issue here:

Open a issue

Download CRLFsuite

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

image

[BLACKSUIT] – Ransomware Victim: klarenbeek-transport[.]nl

November 15, 2024
image

[BLACKSUIT] – Ransomware Victim: surgicalassociates[.]com

November 15, 2024
image

[BLACKSUIT] – Ransomware Victim: kenmore[.]com

November 15, 2024
image

[BLACKSUIT] – Ransomware Victim: billyheromans[.]com

November 15, 2024
image

[HUNTERS] – Ransomware Victim: A&O IT Group

November 15, 2024