CRLFMap - A Tool To Find HTTP Splitting Vulnerabilities
CRLFMap is a tool to find HTTP Splitting vulnerabilities
Why?
- I wanted to write a tool in Golang for concurrency
- I wanted to be able to fuzz both parameters and paths
Installation
go get github.com/ryandamour/crlfmap
Help
Available Commands: help Help about any command scan A scanner for all your CRLF needsFlags: -h, --help help for crlfmap
scan
usagecrlfmap scan --domains domains.txt --output results.txt===============================================================CRLFMap v0.0.1by Ryan D'Amour @ryandamour =============================================================== _ __ | |/ _| ___ _ __| | |_ _ __ ___ __ _ _ __ / __| '__| | _| '_ ' _ \/ _' | '_ \ | (__| | | | | | | | | | | (_| | |_) | \___|_| |_|_| |_| |_| |_|\__,_| .__/ | | |_| v0.0.1 -----------------------:: Domains : domains.txt:: Payloads : payloads.txt:: Threads : 1:: Output : results.txt:: User Agent : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chr ome/81.0.4044.138 Safari/537.36:: Timeout : 10:: Delay : 0-----------------------[+]http://localhost:3000/v1/%0AInjected-Header:CRLFInjecttest.json: is Vulnerable[+]http://localhost:3000/v1/%20%0AInjected-Header:CRLFInjecttest.json: is Vulnerable
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
Via: feedproxy.google.com
CRLFMap - A Tool To Find HTTP Splitting Vulnerabilities
Reviewed by Anónimo
on
8:37
Rating: