CRLFuzz – Tool to Automatically Scan CRLF Vulnerability

CRLFuzz - Tool to Automatically Scan CRLF Vulnerability

CRLFuzz is a powerful tool used for detecting and exploiting vulnerabilities that arise from the presence of Carriage Return (CR) and Line Feed (LF) characters in web applications. These vulnerabilities can lead to serious security issues such as session hijacking, cross-site scripting (XSS) attacks (use Dalfox to automatically scan and exploit XSS vulnerability), and remote code execution (RCE).

How CRLFUZZ works

CRLFuzz works by sending specially crafted HTTP requests to the target web application that contain CR and LF characters in specific locations. The tool then analyzes the responses from the web server to determine whether the presence of these characters has caused any unexpected behavior.

One of the main use cases for CRLFuzz is in detecting CRLF injection vulnerabilities. These types of vulnerabilities arise when an attacker can inject CR and LF characters into an HTTP response header or body, which can then be interpreted by the client in unexpected ways. For example, an attacker could inject a CR and LF sequence into a response header to trick a client into setting a new cookie value, which the attacker can then use to hijack the victim’s session.


CRLFuzz also has a number of other features that make it a useful tool for web application security testing. For example, it can be used to:

  • Test for XSS vulnerabilities by injecting script tags containing CR and LF characters into input fields and analyzing the resulting response.
  • Also be used to test for RCE vulnerabilities by injecting shell commands into HTTP headers or parameters and analyzing the response.

One of the advantages of CRLFuzz is that it is easy to use, and does not require any advanced technical knowledge. The tool is designed to be user-friendly and intuitive, with a simple command-line interface and a range of options and settings that can be customized to suit the needs of the user.

CRLFuzz Installation

from Binary

The installation is easy. You can download a prebuilt binary from releases page, unpack and run! or with

curl -sSfL | sh -s — -b /usr/local/bin

from Source

If you have go1.13+ compiler installed and configured:

GO111MODULE=on go install

In order to update the tool, you can use -u flag with go get command.

from GitHub

git clone cd crlfuzz/cmd/crlfuzz go build . mv crlfuzz /usr/local/bin

How to Use CRLFuzz

Basic Usage

Single URL:

crlfuzz -u “http://target”

URLs from list:

crlfuzz -l /path/to/urls.txt

from Stdin

In case you want to chained with other tools.

subfinder -d target -silent | httpx -silent | crlfuzz

And also you can set request method like GET or POST. Here is the list of command for CRLFuzz:

-u, –urlDefine single URL to fuzz
-l, –listFuzz URLs within file
-X, –methodSpecify request method to use (default: GET)
-o, –outputFile to save results
-d, –dataDefine request data
-H, –headerPass custom header to target
-x, –proxyUse specified proxy to fuzz
-c, –concurrentSet the concurrency level (default: 25)
-s, –silentSilent mode
-v, –verboseVerbose mode
-V, –versionShow current version
-h, –helpDisplay its help

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × four =