
Installation
from Binary
The installation is easy. You can download a prebuilt binary from the releases page, unpack and run! or with
▶ curl -sSfL http://git.io/get-crlfuzz | sh -s -- -b /usr/local/bin
from Source
If you have go1.13+ compiler installed and configured:
▶ GO111MODULE=on go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz
In order to update the tool, you can use -u
flag with go gets command.
from GitHub
▶ git clone https://github.com/dwisiswant0/crlfuzz
▶ cd crlfuzz/cmd/crlfuzz
▶ go build .
▶ mv crlfuzz /usr/local/bin
Usage
Basic Usage
Simply, CRLFuzz can be run with:
▶ crlfuzz -u "http://target"
Flags
▶ crlfuzz -h
This will display help for the tool. Here are all the switches it supports.
Flag | Description |
---|---|
-u, --url
|
Define single URL to fuzz |
-l, --list
|
Fuzz URLs within file |
-X, --method
|
Specify request method to use (default: GET) |
-o, --output
|
File to save results |
-d, --data
|
Define request data |
-H, --header
|
Pass custom header to target |
-x, --proxy
|
Use specified proxy to fuzz |
-c, --concurrent
|
Set the concurrency level (default: 25) |
-s, --silent
|
Silent mode |
-v, --verbose
|
Verbose mode |
-V, --version
|
Show current CRLFuzz version |
-h, --help
|
Display its help |
Target
You can define a target in 3 ways:
Single URL
▶ crlfuzz -u "http://target"
URLs from list
▶ crlfuzz -l /path/to/urls.txt
from Stdin
In case you want to chain with other tools.
▶ subfinder -d target -silent | httpx -silent | crlfuzz
Method
By default, CRLFuzz makes requests with GET
method. If you want to change it, you can use the -X
flag.
▶ crlfuzz -u "http://target" -X "GET"
Output
You can also save fuzzing results to a file with -o
flag.
▶ crlfuzz -l /path/to/urls.txt -o /path/to/results.txt
Data
If you want to send a data request using POST, DELETE. PATCH or other methods, you just need to use -d
flag.
▶ crlfuzz -u "http://target" -X "POST" -d "data=body"
Adding Headers
May you want to use custom headers to add cookies or other header parts.
▶ crlfuzz -u "http://target" -H "Cookie: ..." -H "User-Agent: ..."
Using Proxy
Using a proxy, the proxy string can be specified with a protocol://
prefix to specify alternative proxy protocols.
▶ crlfuzz -u "http://target" -x http://127.0.0.1:8080
Concurrency
Concurrency is the number of fuzzing at the same time. The default value CRLFuzz provide is 25
, you can change it by using -c
flag.
▶ crlfuzz -l /path/to/urls.txt -c 50
Silent
If you activate this silent mode with the -s
flag, you will only see vulnerable targets.
▶ crlfuzz -l /path/to/urls.txt -s | tee vuln-urls.txt
Verbose
Unlike silent mode, it will display error details if there is an error with the -v
flag.
▶ crlfuzz -l /path/to/urls.txt -v
Version
To display the current version of CRLFuzz with the -V
flag.
▶ crlfuzz -V
Library
You can use CRLFuzz as a library.
package main
import (
"fmt"
"github.com/dwisiswant0/crlfuzz/pkg/crlfuzz"
)
func main() {
target := "http://target"
method := "GET"
// Generates a potentially CRLF vulnerable URLs
for _, url := range crlfuzz.GenerateURL(target) {
// Scan against target
vuln, err := crlfuzz.Scan(url, method, "", []string{}, "")
if err != nil {
panic(err)
}
if vuln {
fmt.Printf("VULN! %s\n", url)
}
}
}
Help & Bugs
If you are still confused or found a bug, please open the issue. All bug reports are appreciated, some features have not been tested yet due to lack of free time.
License
CRLFuzz released under MIT. See LICENSE
for more details.
Version
The current version is 1.4.0 and still developing.
Author

- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Latest Articles
Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
Blog2022.10.12Vulnerability management with Wazuh open source XDR
Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky