CRLFsuite is a fast tool specially designed to scan CRLF injection
.
Installation
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
Features
Usage
Single URL scanning:
$ crlfsuite -u "http://testphp.vulnweb.com"
Multiple URLs scanning:
$ crlfsuite -i targets.txt
from stdin:
Specifying cookies
:
$ crlfsuite -u "http://testphp.vulnweb.com" --cookies "key=val; newkey=newval"
Using POST method:
$ crlfsuite -i targets.txt -m POST -d "key=val&newkey=newval"
Bug report
If You're facing some errors or issues with this tool, you can open a issue here: