CRLFMap - A Tool To Find HTTP Splitting Vulnerabilities

CRLFMap is a tool to find HTTP Splitting vulnerabilities

  • I wanted to write a tool in Golang for concurrency
  • I wanted to be able to fuzz both parameters and paths

go get

    Available Commands:
      help        Help about any command
      scan        A scanner for all your CRLF needs

    Flags:
      -h, --help   help for crlfmap

scan usage
    crlfmap scan --domains domains.txt --output results.txt

    ===============================================================
    CRLFMap v0.0.1
    by Ryan D'Amour @ryandamour
    ===============================================================
               _  __
              | |/ _|
      ___ _ __| | |_ _ __ ___   __ _ _ __
     / __| '__| |  _| '_ ' _  \/ _' | '_ \
    | (__| |  | | | | | | | | | (_| | |_) |
     \___|_|  |_|_| |_| |_| |_|\__,_| .__/
                                    | |
                                    |_|        v0.0.1
    -----------------------
    :: Domains    : domains.txt
    :: Payloads   : payloads.txt
    :: Threads    : 1
    :: Output     : results.txt
    :: User Agent : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
    :: Timeout    : 10
    :: Delay      : 0
    -----------------------
    [+]http://localhost:3000/v1/%0AInjected-Header:CRLFInjecttest.json: is Vulnerable
    [+]http://localhost:3000/v1/%20%0AInjected-Header:CRLFInjecttest.json: is Vulnerable
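
The request paths reported in the scan output above carry a percent-encoded line feed (%0A), which is also what a defender can look for in access logs. The Go program below is an added example, not part of CRLFMap: it flags logged requests whose path decodes to CR or LF, including double-encoded forms. The log lines and the names hasEncodedCRLF and suspiciousRequests are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample access-log lines (not real traffic); the paths mirror the scan output.
var sampleLog = []string{
	`127.0.0.1 - - [01/Jan/2020:00:00:01 +0000] "GET /v1/%0AInjected-Header:CRLFInjecttest.json HTTP/1.1" 200 12`,
	`127.0.0.1 - - [01/Jan/2020:00:00:02 +0000] "GET /v1/%20%0AInjected-Header:CRLFInjecttest.json HTTP/1.1" 200 12`,
	`127.0.0.1 - - [01/Jan/2020:00:00:03 +0000] "GET /v1/%250D%250Atest.json HTTP/1.1" 404 0`,
	`127.0.0.1 - - [01/Jan/2020:00:00:04 +0000] "GET /v1/100%25.json HTTP/1.1" 200 12`,
}

// hasEncodedCRLF (hypothetical helper) decodes target up to rounds times and reports CR/LF.
func hasEncodedCRLF(target string, rounds int) bool {
	cur := target
	for i := 0; i < rounds; i++ {
		next, err := url.PathUnescape(cur)
		if err != nil { // malformed escape: fall back to a literal search
			l := strings.ToLower(cur)
			return strings.Contains(l, "%0a") || strings.Contains(l, "%0d")
		}
		if strings.ContainsAny(next, "\r\n") {
			return true
		}
		cur = next
	}
	return false
}

// suspiciousRequests returns the request targets whose path decodes to CR or LF.
func suspiciousRequests(lines []string) []string {
	var hits []string
	for _, line := range lines {
		parts := strings.SplitN(line, `"`, 3) // parts[1] is the quoted request line
		if len(parts) == 3 {
			if f := strings.Fields(parts[1]); len(f) >= 2 && hasEncodedCRLF(f[1], 3) {
				hits = append(hits, f[1])
			}
		}
	}
	return hits
}

func main() {
	fmt.Println(strings.Join(suspiciousRequests(sampleLog), "\n"))
}
```

Decoding more than once matters because a proxy or framework in front of the application may decode the path again before it reaches a response header.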


Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.
