CRLFsuite - CRLF injection scanner
The project is no longer maintained by its developers.
CRLFsuite is a powerful tool for CRLF injection detection and exploitation. Want to know how it works? Here’s how
Installation
You can install CRLFsuite using pip as given below:
pip3 install crlfsuite
or download this repository and run the following command:
sudo python3 setup.py install
Features
- Single URL scanning
- Multiple URL scanning
- Stdin supported
- WAF detection
- Powerful payload generator
- CRLF Injection to XSS Chaining feature
- GET & POST method supported
- Concurrency
- Fast and efficient scanning with negligible false positives
Newly added in v2.5.1:
- JSON & text output supported
- Multiple headers supported
- Verbose output supported
- Scan can be resumed after Ctrl+C is pressed
- Added heuristic (basic) scanner
- Compatibility with Windows
Credits
- prompt.py is taken from Arjun
- WAF Detection methodology is taken from XSStrike
- User-Agent list is taken from ParamSpider
- WAF signatures are taken from XSStrike and wafw00f