A fast tool to scan CRLF vulnerability written in Go

Overview

CRLFuzz

made-with-Go go-report license contributions welcome godoc

A fast tool to scan CRLF vulnerability written in Go


Resources

Installation

from Binary

The installation is easy. You can download a prebuilt binary from releases page, unpack and run! or with

▶ curl -sSfL https://git.io/crlfuzz | sh -s -- -b /usr/local/bin

from Source

If you have go1.13+ compiler installed and configured:

▶ GO111MODULE=on go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz

In order to update the tool, you can use -u flag with go get command.

from GitHub

▶ git clone https://github.com/dwisiswant0/crlfuzz
▶ cd crlfuzz/cmd/crlfuzz
▶ go build .
▶ mv crlfuzz /usr/local/bin

Usage

Basic Usage

Simply, CRLFuzz can be run with:

▶ crlfuzz -u "http://target"

Flags

▶ crlfuzz -h

This will display help for the tool. Here are all the switches it supports.

Flag Description
-u, --url Define single URL to fuzz
-l, --list Fuzz URLs within file
-X, --method Specify request method to use (default: GET)
-o, --output File to save results
-d, --data Define request data
-H, --header Pass custom header to target
-x, --proxy Use specified proxy to fuzz
-c, --concurrent Set the concurrency level (default: 25)
-s, --silent Silent mode
-v, --verbose Verbose mode
-V, --version Show current CRLFuzz version
-h, --help Display its help

Target

You can define a target in 3 ways:

Single URL

▶ crlfuzz -u "http://target"

URLs from list

▶ crlfuzz -l /path/to/urls.txt

from Stdin

In case you want to chained with other tools.

▶ subfinder -d target -silent | httpx -silent | crlfuzz

Method

By default, CRLFuzz makes requests with GET method. If you want to change it, you can use the -X flag.

▶ crlfuzz -u "http://target" -X "GET"

Output

You can also save fuzzing results to a file with -o flag.

▶ crlfuzz -l /path/to/urls.txt -o /path/to/results.txt

Data

If you want to send a data request using POST, DELETE. PATCH or other methods, you just need to use -d flag.

▶ crlfuzz -u "http://target" -X "POST" -d "data=body"

Adding Headers

May you want to use custom headers to add cookies or other header parts.

▶ crlfuzz -u "http://target" -H "Cookie: ..." -H "User-Agent: ..."

Using Proxy

Using a proxy, proxy string can be specified with a protocol:// prefix to specify alternative proxy protocols.

▶ crlfuzz -u "http://target" -x http://127.0.0.1:8080

Concurrency

Concurrency is the number of fuzzing at the same time. Default value CRLFuzz provide is 25, you can change it by using -c flag.

▶ crlfuzz -l /path/to/urls.txt -c 50

Silent

If you activate this silent mode with the -s flag, you will only see vulnerable targets.

▶ crlfuzz -l /path/to/urls.txt -s | tee vuln-urls.txt

Verbose

Unlike silent mode, it will display error details if there is an error with the -v flag.

▶ crlfuzz -l /path/to/urls.txt -v

Version

To display the current version of CRLFuzz with the -V flag.

▶ crlfuzz -V

Library

You can use CRLFuzz as a library.

package main

import (
	"fmt"

	"github.com/dwisiswant0/crlfuzz/pkg/crlfuzz"
)

func main() {
	target := "http://target"
	method := "GET"

	// Generates a potentially CRLF vulnerable URLs
	for _, url := range crlfuzz.GenerateURL(target) {
		// Scan against target
		vuln, err := crlfuzz.Scan(url, method, "", []string{}, "")
		if err != nil {
			panic(err)
		}

		if vuln {
			fmt.Printf("VULN! %s\n", url)
		}
	}
}

Help & Bugs

If you are still confused or found a bug, please open the issue. All bug reports are appreciated, some features have not been tested yet due to lack of free time.

License

CRLFuzz released under MIT. See LICENSE for more details.

Version

Current version is 1.4.0 and still development.

Comments
Releases(v1.4.1)
Owner
dw1
Bashturbation
dw1
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities

SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities Why?

Ryan D'Amour 141 Nov 20, 2022
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •

ProjectDiscovery 10.7k Nov 29, 2022
Fast scan for redtools

scaninfo by 华东360安服团队 注意的点 漏洞扫描的时候有时候最后几个任务会卡住,是因为ftp爆破模块,这个fscan也一样目前没有好的解决办法,后续更新.先阶段可以-eq 21跳过ftp,或者control+c 主动停止不影响结果保存。 有时候扫外网的全端口会漏掉端口可以使用-n 指定

kb_24 588 Nov 27, 2022
Go network scan tool.

gns Go network scan tool. Version: v0.6.0 Usage: gns [Options] <IP or domain> eg: gns -r 22-8080 -s 300 localhost Options: -a All ports, 1-6553

Sean Zhang 2 Dec 9, 2021
A port scan and service weakpass brute tool build by golang.

A port scan and service weakpass brute tool build by golang.

M1ku 73 Nov 22, 2022
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

GuidePoint Security, LLC 2 Apr 13, 2022
A tool for checking log4shell vulnerability mitigations

log4shell-ldap A tool for checking log4shell vulnerability mitigations. Usage: Build a container image: docker build . -t log4shell Run it: docker run

Jaromir Hamala 27 Jul 15, 2022
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Alexander Bakker 66 Nov 2, 2022
log4jshell vulnerability checker tool

Description log4j-checker tool helps identify whether a certain system is running a vulnerable version of the log4j library. Download and run the tool

null 1 Dec 20, 2021
Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.

proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in

null 53 Nov 23, 2022
Scan and analyze OSS dependencies and licenses from compiled Go binaries

golicense - Go Binary OSS License Scanner golicense is a tool that scans compiled Go binaries and can output all the dependencies, their versions, and

Mitchell Hashimoto 664 Nov 6, 2022
Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with ?? by edoardottt. Share on Twitter! P

gilfoyle97 639 Nov 27, 2022
Carbon Black Harbor Adapter is a scanner to scan images in Harbor Registry with the help of Carbon Black Cloud.

carbon-black-adapter-for-harbor Overview Carbon Black adapter for Harbor integrates your Harbor Registry with the Carbon Black Cloud. It leverages Har

VMware 5 Nov 1, 2022
WIP. Converts Azure Container Scan Action output to SARIF, for an easier integration with GitHub Code Scanning

container-scan-to-sarif container-scan-to-sarif converts Azure Container Scan Action output to Static Analysis Results Interchange Format (SARIF), for

Armel Soro 2 Jan 25, 2022
Use golang.org/x/vuln to scan your dependencies

vulnz - Use golang.org/x/vuln to scan your dependencies vulnz uses golang.org/x/vuln to scan the dependencies in your go.mod. Install go install githu

Miki Tebeka 2 Oct 10, 2022
Git watchdog will scan your public repository and find out the vulnerabilities

Dependencies Docker Go 1.17 MySQL 8.0.25 Bootstrap Run chmod +x start.sh if start.sh script does not have privileged to run Run ./start.sh --bootstrap

Quang Nguyen 2 Dec 30, 2021
Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions

ec2-log4j-scan Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions. This is a clumsy but effective tool which takes outpu

null 2 Dec 28, 2021
Log4j-scanner tools - Support for multiple scan method

Log4j-scanner URL mode (fuzzing url with header, payload) go run . url -h Usage

BREAK TEAM - Hacking Team 2 Sep 7, 2022