CRLFMap is a tool for finding HTTP Splitting vulnerabilities.
Installation
go get github.com/ryandamour/crlfmap
Help
Available Commands:
  help        Help about any command
  scan        A scanner for all your CRLF needs
Flags:
  -h, --help   help for crlfmap
Use
crlfmap scan --domains domains.txt --output results.txt
=============================
CRLFMap v0.0.1
by Ryan D'Amour @ryandamour
=============================
:: Domains: domains.txt
:: Payloads: payloads.txt
:: Threads : 1
:: Output: results.txt
:: User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
:: Timeout: 10
:: Delay: 0
=============================
[+] http://localhost:3000/v1/%0AInjected-Header:CRLFInjecttest.json: is Vulnerable
[+] http://localhost:3000/v1/%20%0AInjected-Header:CRLFInjecttest.json: is Vulnerable
=============================
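A log-side check for the two payload shapes in the output above, as an added example that is not part of CRLFMap or the original page: it extracts the request target from access-log lines and flags targets that decode to a CR or LF. The log lines are constructed and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed access-log lines (combined log format); paths mirror the output above.
var sampleLog = []string{
	`127.0.0.1 - - [10/May/2020:10:00:00 +0000] "GET /v1/test.json HTTP/1.1" 200 12`,
	`127.0.0.1 - - [10/May/2020:10:00:01 +0000] "GET /v1/%0AInjected-Header:CRLFInjecttest.json HTTP/1.1" 200 12`,
	`127.0.0.1 - - [10/May/2020:10:00:02 +0000] "GET /v1/%20%0AInjected-Header:CRLFInjecttest.json HTTP/1.1" 200 12`,
	`127.0.0.1 - - [10/May/2020:10:00:03 +0000] "GET /v1/%250D%250AInjected-Header:x HTTP/1.1" 404 0`,
}

// requestTarget returns the middle field of the quoted request line ("METHOD target VERSION").
func requestTarget(line string) (string, bool) {
	if parts := strings.Split(line, `"`); len(parts) >= 3 {
		if f := strings.Fields(parts[1]); len(f) == 3 {
			return f[1], true
		}
	}
	return "", false
}

// hasCRLF percent-decodes the target up to three times (to catch nested encoding)
// and reports a raw CR/LF, or a still-encoded one left behind by a malformed escape.
func hasCRLF(target string) bool {
	for round := 0; round < 3; round++ {
		next, err := url.PathUnescape(target)
		if err != nil || next == target {
			break
		}
		target = next
	}
	low := strings.ToLower(target)
	return strings.ContainsAny(low, "\r\n") || strings.Contains(low, "%0a") || strings.Contains(low, "%0d")
}

func main() {
	for _, l := range sampleLog {
		if t, ok := requestTarget(l); ok && hasCRLF(t) {
			fmt.Printf("possible CRLF injection attempt: %q\n", t)
		}
	}
}
```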
You can download the program from here.