Working with CRLFuzz Tool on Kali Linux
Example 1: Single URL
crlfuzz -u "http://w3wiki.org"
In this example, we will be performing a CRLF Vulnerability scan on our target domain w3wiki.org. -u tag is used to specify the domain URL.
Example 2: GET Method
crlfuzz -u "http://w3wiki.org" -X "GET"
In this example, we will be changing the method of Scan from POST to GET method. -X tag is used to specify the method of the scan.
Example 3: Silent
crlfuzz -u "http://w3wiki.org" -s
In this example, we will be performing a silent scan. In Silent Scan only the vulnerable targets will be displayed. As w3wiki.org is a secure Website, the tool has not detected any vulnerable target.
Example 4: Verbose
crlfuzz -u "http://w3wiki.org" -v
1. In this example, we will be displaying the verbose or detailed output of our scan. -v tag is used to display output in verbose mode.
2. In the below Screenshot, we have got the detailed reason why the query was not executed on the w3wiki.org target.
Example 5: Version
crlfuzz -V
In this example, we will be displaying the version of the CRLFuzz tool. -V tag is used to display the version of the tool.
Example 6: URLs from a list
crlfuzz -l target.txt
1. In this Example, we are scanning the targets from the text file. In the below Screenshot, We have displayed the targets.txt file.
2. In the below Screenshot, we have got the results of our Scan.
Example 7: From Stdin
sublist3r -d w3wiki.org | crlfuzz
In this example, We are using the crlfuzz tool with the sublist3r tool.
Example 8: Data
crlfuzz -u "http://w3wiki.org" -X "POST" -d "data=body"
In this example, we are using the -d tag for using the custom data.
Example 9: Adding Headers
crlfuzz -u “http://w3wiki.org” -H “authtoken:dba9cad7701495309c43f93e6bd1b3d2”
In this Example, we are adding the Header to the request by using the -H tag.
Example 10: Using Proxy
crlfuzz -u "http://w3wiki.org" -x http://127.0.0.1:8080
In this example, we are using the proxy server specified in the -x tag.
Example 11: Concurrency
crlfuzz -l target.txt -c 50
In this example, we are changing the concurrency value. Concurrency is the number of fuzzing at the same time
Example 12: Output
crlfuzz -l target.txt -o results.txt
In this Example, we are saving the results in the text file. We have used the -o tag for saving the results.
In the below Screenshot, we are displaying the results .txt file.
Example 13: Library
go run library.go
1. In this example, we are using CRLFuzz as a library.
2. In the below Screenshot, we are running the file.
CRLFuzz – A Linux Tool To Scan CRLF Vulnerability Written in Go
CRLF injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected. Checking the CRLF Vulnerability manually on the target domain becomes very complicated. So there should be an automated approach for studying the vulnerability. CRLFuzz is a computerized tool designed in the Golang language that scans the CRLF Vulnerability target with a single click. CRLFuzz tool is open-source and free to use.
Note: As CRLFuzz is a Golang language-based tool, so you need to have a Golang environment on your system. So check this link to Install Golang in your system. – Installation of Go Lang in Linux
Contact Us