CRLFsuite - CRLF injection scanner

---

The project is no more managed by developers.

CRLFsuite is a powerful tool for CRLF injection detection and exploitation. Want to know how it works. Here's how

Installation

You can install CRLFsuite using pip as given below:

pip3 install crlfsuite

or download this repository and run the following command:

sudo python3 setup.py install

Features

• Single URL scanning

• Multiple URL scanning

• Stdin supported

• WAF detection

• Powerful payload generator

• CRLF Injection to XSS Chaining feature

• GET & POST method supported

• Concurrency

• Fast and efficient scanning with negligible false-positive

Newly added in v2.5.1:

• Json & Text ouput supported

• Multiple headers supported

• Verbose output supported

• Scan can be resumed after CTRL^C is pressed

• Added heuristic (basic) scanner

• Compatibility with windows

credits

• prompt.py is taken from Arjun
• WAF Detection methodology is taken from XSStrike
• User-Agent list is taken from ParamSpider
• WAF signatures is taken from XSStrike and wafw00f