reddit hackernews mail facebook facebook linkedin


The most powerful CRLF injection scanner.

CRLFsuite is a powerful tool for CRLF injection detection and exploitation. Features are:
- Single URL scanning
- Multiple URL scanning
- Stdin supported
- WAF detection
- Powerful payload generator
- CRLF Injection to XSS Chaining feature
- GET & POST method supported
- Concurrency
- Fast and efficient scanning with negligible false-positive
- Json & Text ouput supported
- Multiple headers supported
- Verbose output supported
- Scan can be resumed after CTRL^C is pressed
- Added heuristic (basic) scanner
- Compatibility with windows