A fast tool to scan CRLF vulnerability written in Go
gprime31/crlfuzz
The installation is easy. You can download a prebuilt binary from the releases page, unpack and run it, or install with:
▶ curl -sSfL https://git.io/crlfuzz | sh -s -- -b /usr/local/bin
If you have go1.13+ compiler installed and configured:
▶ GO111MODULE=on go install github.com/dwisiswant0/crlfuzz/cmd/crlfuzz@latest
In order to update the tool, you can use the -u flag with the go get command.
▶ git clone https://github.com/dwisiswant0/crlfuzz
▶ cd crlfuzz/cmd/crlfuzz
▶ go build .
▶ mv crlfuzz /usr/local/bin
Simply, CRLFuzz can be run with:
▶ crlfuzz -u "http://target"
▶ crlfuzz -h
This will display help for the tool. Here are all the switches it supports.
Flag | Description |
---|---|
-u, --url | Define single URL to fuzz |
-l, --list | Fuzz URLs within file |
-X, --method | Specify request method to use (default: GET) |
-o, --output | File to save results |
-d, --data | Define request data |
-H, --header | Pass custom header to target |
-x, --proxy | Use specified proxy to fuzz |
-c, --concurrent | Set the concurrency level (default: 25) |
-s, --silent | Silent mode |
-v, --verbose | Verbose mode |
-V, --version | Show current CRLFuzz version |
-h, --help | Display its help |
You can define a target in 3 ways:
▶ crlfuzz -u "http://target"
▶ crlfuzz -l /path/to/urls.txt
In case you want to chain it with other tools:
▶ subfinder -d target -silent | httpx -silent | crlfuzz
By default, CRLFuzz makes requests with the GET method. If you want to change it, you can use the -X flag.
▶ crlfuzz -u "http://target" -X "GET"
You can also save fuzzing results to a file with the -o flag.
▶ crlfuzz -l /path/to/urls.txt -o /path/to/results.txt
If you want to send request data using POST, DELETE, PATCH or other methods, you just need to use the -d flag.
▶ crlfuzz -u "http://target" -X "POST" -d "data=body"
You may want to use custom headers to add cookies or other header parts.
▶ crlfuzz -u "http://target" -H "Cookie: ..." -H "User-Agent: ..."
When using a proxy, the proxy string can be specified with a protocol:// prefix to select an alternative proxy protocol.
▶ crlfuzz -u "http://target" -x http://127.0.0.1:8080
Concurrency is the number of fuzzing requests made at the same time. The default value CRLFuzz provides is 25; you can change it with the -c flag.
▶ crlfuzz -l /path/to/urls.txt -c 50
If you activate silent mode with the -s flag, you will only see vulnerable targets.
▶ crlfuzz -l /path/to/urls.txt -s | tee vuln-urls.txt
Unlike silent mode, verbose mode (the -v flag) displays error details if an error occurs.
▶ crlfuzz -l /path/to/urls.txt -v
To display the current version of CRLFuzz, use the -V flag.
▶ crlfuzz -V
You can use CRLFuzz as a library.
```go
package main

import (
	"fmt"

	"github.com/dwisiswant0/crlfuzz/pkg/crlfuzz"
)

func main() {
	target := "http://target"
	method := "GET"

	// Generate potentially CRLF-vulnerable URLs
	for _, url := range crlfuzz.GenerateURL(target) {
		// Scan against target
		vuln, err := crlfuzz.Scan(url, method, "", []string{}, "")
		if err != nil {
			panic(err)
		}

		if vuln {
			fmt.Printf("VULN! %s\n", url)
		}
	}
}
```
If you are still confused or found a bug, please open an issue. All bug reports are appreciated; some features have not been tested yet due to lack of free time.
CRLFuzz is released under MIT. See LICENSE for more details.
Current version is 1.4.0 and still in development.