CRLFuzz

Fast CRLF vulnerability scanner in Go

Description

CRLFuzz is a fast tool for scanning CRLF (Carriage Return Line Feed) injection vulnerabilities. CRLF injection can lead to HTTP response splitting, session fixation, and XSS.
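The flaw the scanner looks for, next to the server-side check that closes it, as an added Go example (not CRLFuzz code). `buildRedirect`, `checkHeaderValue` and `headersOf` are hypothetical helpers and the input is constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// buildRedirect (hypothetical) writes Location by raw concatenation: the
// vulnerable pattern. Whatever is in next lands in the header block as-is.
func buildRedirect(next string) string {
	return "HTTP/1.1 302 Found\r\nLocation: " + next + "\r\nContent-Length: 0\r\n\r\n"
}

// checkHeaderValue (hypothetical) is the fix: refuse any value containing CR
// or LF. Run it on the decoded value, right before the header is written.
func checkHeaderValue(v string) error {
	if strings.ContainsAny(v, "\r\n") {
		return errors.New("CR or LF in header value")
	}
	return nil
}

// headersOf parses a raw response the way a client would and returns its headers.
func headersOf(raw string) (http.Header, error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return resp.Header, nil
}

func main() {
	// Constructed input: a redirect parameter carrying an encoded CR LF.
	next, _ := url.QueryUnescape("/home%0d%0aSet-Cookie:%20sid=fixed")
	h, _ := headersOf(buildRedirect(next))
	fmt.Printf("Location=%q Set-Cookie=%q\n", h.Get("Location"), h.Get("Set-Cookie"))
	fmt.Println("check:", checkHeaderValue(next))
}
```

The parsed response carries a `Set-Cookie` header the application never set, which is the session fixation case from the description; with the check in place the value is refused before any header is written.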

Installation

BASH
# Using Go
go install github.com/dwisiswant0/crlfuzz/cmd/crlfuzz@latest

# From releases
# Download binary from GitHub releases page

Basic Usage

BASH
# Scan single URL
crlfuzz -u "https://target.com"

# Scan from file
crlfuzz -l urls.txt

# With custom concurrency
crlfuzz -l urls.txt -c 50

Advanced Usage

BASH
# Output results
crlfuzz -l urls.txt -o results.txt

# Silent mode
crlfuzz -l urls.txt -s

# Verbose output
crlfuzz -l urls.txt -v

# Custom HTTP method
crlfuzz -u "https://target.com" -X POST

Common Workflows

BASH
# Pipe from other tools
gau target.com | sort -u | crlfuzz -s

# Full pipeline
subfinder -d target.com -silent | httpx -silent | crlfuzz -s -o crlf-vulns.txt

# Combine with paramspider
paramspider -d target.com | crlfuzz -s