Overview

A script to scan a list of URLs for CRLF injection vulnerabilities. The tool requests each URL with a specific payload and flags candidates by examining the response headers.

It's important to note that no vulnerability scanner is 100% accurate; ultimately, you still need to reproduce the vulnerability manually to create the proof of concept (PoC). This script simply helps detect which URLs may be vulnerable to CRLF injection by checking whether the response headers contain 2222:param=crlfuzz.

Inspired by dwisiswant0's crlfuzz.

Features

User-Agent Rotation: Mimics different browsers to reduce detection.

Concurrent Scanning: Scans multiple URLs simultaneously for faster results.

Custom Payload: Identifies vulnerabilities using a specific CRLF payload.

Detailed Logging: Logs the scanning process and results clearly.

Installation

git clone https://github.com/ManShum812/CRLF-Vulnerability-Scanner.git

cd CRLF-Vulnerability-Scanner

python crlf.py

How to Use

  1. Prepare Input File: Create a file named input.txt with the URLs you want to scan.

  2. Run the Script: python crlf.py

  3. Check the Output: Results are saved in output.txt.

Notes

This script uses a custom payload (%23%0d%0a2222:param=crlfuzz) to test for CRLF vulnerabilities: the encoded %0d%0a terminates the header line the input is reflected into, so a vulnerable server emits 2222:param=crlfuzz as a header of its own. The script checks whether the response headers contain that line. You can modify this payload as needed.
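As an added illustration (not the project's own code), the toy Python server below reflects a user-supplied value into a Location header, once unchecked and once with CR/LF rejected, and the header check implements the test described in the note; the server, the /home path and all function names are assumptions made for this example.

```python
import urllib.parse

# Payload and marker as given in the README: the URL-encoded "#\r\n" ends the
# original header line, and "2222:param=crlfuzz" lands on a line of its own.
PAYLOAD = "%23%0d%0a2222:param=crlfuzz"
MARKER_NAME = b"2222"
MARKER_VALUE = b"param=crlfuzz"


def build_redirect_response(target: str, strict: bool) -> bytes:
    """Constructed toy server (not the project's code): echoes a user-supplied
    redirect target into a Location header.

    strict=False reflects the decoded value verbatim, the vulnerable pattern.
    strict=True refuses CR or LF in the value, which is the fix.
    """
    value = urllib.parse.unquote(target)
    if strict and ("\r" in value or "\n" in value):
        raise ValueError("CR/LF not allowed in header values")
    head = "HTTP/1.1 302 Found\r\nLocation: " + value + "\r\nContent-Length: 0"
    return head.encode("latin-1") + b"\r\n\r\n"


def injected_header_present(raw_response: bytes) -> bool:
    """The README's check: is `2222:param=crlfuzz` present as a header line?

    Only the header block is inspected, so a marker echoed in the body
    (a common false positive) does not count.
    """
    head, _, _body = raw_response.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == MARKER_NAME and value.strip() == MARKER_VALUE:
            return True
    return False


def probe(strict: bool) -> bool:
    """Send the payload to the toy server; True means the header was injected."""
    try:
        response = build_redirect_response("/home" + PAYLOAD, strict)
    except ValueError:
        return False  # the hardened server rejected the payload
    return injected_header_present(response)


if __name__ == "__main__":
    print("reflecting server injectable:", probe(strict=False))  # True
    print("strict server injectable:   ", probe(strict=True))   # False
```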

Get Involved

Your contributions are welcome! You can help improve this project by opening issues or submitting pull requests. If you have any ideas to enhance the tool, please share them. Together, we can strengthen web security!