Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Nefcore/CRLFsuite

The most powerful CRLF injection (HTTP Response Splitting) scanner.
https://github.com/Nefcore/CRLFsuite

bugbounty crlf-injection ethical-hacking http-response-splitting pentest-tool pentesting security-tools waf-detection webapp-pentesting

Last synced: 3 months ago
JSON representation

The most powerful CRLF injection (HTTP Response Splitting) scanner.

Host: GitHub
URL: https://github.com/Nefcore/CRLFsuite
Owner: Raghavd3v
License: mit
Created: 2022-03-31T02:23:29.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2023-10-17T04:27:24.000Z (about 1 year ago)
Last Synced: 2024-05-21T16:15:52.713Z (6 months ago)
Topics: bugbounty, crlf-injection, ethical-hacking, http-response-splitting, pentest-tool, pentesting, security-tools, waf-detection, webapp-pentesting
Language: Python
Homepage:
Size: 1.2 MB
Stars: 504
Watchers: 8
Forks: 72
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-bugbounty-tools - CRLFsuite - A fast tool specially designed to scan CRLF injection (Exploitation / CRLF Injection)

README

CRLFsuite - CRLF injection scanner

[![made-with-python](https://img.shields.io/badge/Made%20with-Python-1f425f.svg)](https://www.python.org/)
[![GitHub release](https://img.shields.io/github/release/Nefcore/CRLFsuite)](https://GitHub.com/Nefcore/CRLFsuite/releases/)
[![PyPI license](https://img.shields.io/pypi/l/ansicolortags.svg)](https://pypi.python.org/pypi/ansicolortags/)
[![GitHub forks](https://badgen.net/github/forks/Nefcore/CRLFsuite/)](https://GitHub.com/Nefcore/CRLFsuite/network/)
[![GitHub contributors](https://img.shields.io/github/contributors/Nefcore/CRLFsuite)](https://GitHub.com/Nefcore/badges/graphs/contributors/)

**The project is no more managed by developers.**

CRLFsuite is a powerful tool for `CRLF injection` detection and exploitation. Want to know how it works. Here's how
## Installation

You can install CRLFsuite using `pip` as given below:

```
pip3 install crlfsuite
```

or download this repository and run the following command:

```
sudo python3 setup.py install
```

## Features

* Single URL scanning

* Multiple URL scanning

* Stdin supported

* WAF detection

* Powerful payload generator

* CRLF Injection to XSS Chaining feature

* GET & POST method supported

* Concurrency

* Fast and efficient scanning with negligible false-positive

### Newly added in v2.5.1:

* Json & Text ouput supported

* Multiple headers supported

* Verbose output supported

* Scan can be resumed after CTRL^C is pressed

* Added heuristic (basic) scanner

* Compatibility with windows

### credits

* prompt.py is taken from Arjun
* WAF Detection methodology is taken from XSStrike
* User-Agent list is taken from ParamSpider
* WAF signatures is taken from XSStrike and wafw00f