Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

CRLFMap - A Tool To Find HTTP Splitting Vulnerabilities

$
0
0


CRLFMap is a tool to find HTTP Splitting vulnerabilities


Why?
  • I wanted to write a tool in Golang for concurrency
  • I wanted to be able to fuzzboth parameters and paths

Installation
go get github.com/ryandamour/crlfmap

Help
Available Commands:
help Help about any command
scan A scanner for all your CRLF needs

Flags:
-h, --help help for crlfmap

scan usage
crlfmap scan --domains domains.txt --output results.txt

===============================================================
CRLFMap v0.0.1
by Ryan D'Amour @ryandamour
===============================================================
_ __
| |/ _|
___ _ __| | |_ _ __ ___ __ _ _ __
/ __| '__| | _| '_ ' _ \/ _' | '_ \
| (__| | | | | | | | | | | (_| | |_) |
\___|_| |_|_| |_| |_| |_|\__,_| .__/
| |
|_|

v0.0.1
-----------------------
:: Domains : domains.txt
:: Payloads : payloads.txt
:: Threads : 1
:: Output : results.txt
:: User Agent : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chr ome/81.0.4044.138 Safari/537.36
:: Timeout : 10
:: Delay : 0
-----------------------
[+]http://localhost:3000/v1/%0AInjected-Header:CRLFInjecttest.json: is Vulnerable
[+]http://localhost:3000/v1/%20%0AInjected-Header:CRLFInjecttest.json: is Vulnerable

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.




Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>