https://github.com/Raghavd3v/CRLFsuite
The most powerful CRLF injection (HTTP Response Splitting) scanner.
bugbounty crlf-injection ethical-hacking http-response-splitting pentest-tool pentesting security-tools waf-detection webapp-pentesting
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/Raghavd3v/CRLFsuite
- Owner: Raghavd3v
- License: mit
- Created: 2022-03-31T02:23:29.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-10-17T04:27:24.000Z (over 2 years ago)
- Last Synced: 2024-05-21T16:15:52.713Z (about 2 years ago)
- Topics: bugbounty, crlf-injection, ethical-hacking, http-response-splitting, pentest-tool, pentesting, security-tools, waf-detection, webapp-pentesting
- Language: Python
- Homepage:
- Size: 1.2 MB
- Stars: 504
- Watchers: 8
- Forks: 72
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# CRLFsuite - CRLF injection scanner

**The project is no longer maintained by its developers.**

CRLFsuite is a powerful tool for `CRLF injection` detection and exploitation. Want to know how it works? Here's how.
## Installation
You can install CRLFsuite using `pip` as given below:
```
pip3 install crlfsuite
```
or download this repository and run the following command:
```
sudo python3 setup.py install
```
## Features
* Single URL scanning
* Multiple URL scanning
* Stdin supported
* WAF detection
* Powerful payload generator
* CRLF Injection to XSS Chaining feature
* GET & POST method supported
* Concurrency
* Fast and efficient scanning with negligible false positives
### Newly added in v2.5.1:
* JSON & text output supported
* Multiple headers supported
* Verbose output supported
* Scan can be resumed after Ctrl+C is pressed
* Added heuristic (basic) scanner
* Compatibility with Windows
### Credits
* prompt.py is taken from Arjun
* WAF Detection methodology is taken from XSStrike
* User-Agent list is taken from ParamSpider
* WAF signatures are taken from XSStrike and wafw00f
