SkillAgentSearch skills...

Crlfix

CrlfiX

GenerateConvertImprove

Install / Use

/learn @RevoltSecurities/Crlfix
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

Crlfix - An accurate and concurrent CRLF Injection Vulnerability Scanner

Fast, Accurate, and Concurrent CRLF Injection Scanner

GitHub last commit GitHub release (latest by date) GitHub license

Overview:

Crlfix is an advanced CRLF injection vulnerability scanner designed for penetration testers and security researchers. It efficiently detects CRLF injection points in web applications while offering high concurrency and customization options.

<h1 align="center"> <img src="https://github.com/user-attachments/assets/2992e83b-879b-41f8-8f69-c8deaf480772" width="700px"> <br> </h1>

Features:

Accurate Scanning – Detects CRLF injection points effectively.
High Concurrency – Supports multiple concurrent scans with adjustable rate limits.
Custom Headers & Configuration – Allows setting HTTP headers and custom configurations.
Proxy Support – Enables scanning through proxies for anonymity.
Optimized Performance – Adjustable timeout, delay, and random User-Agent support.
Notification System – Alerts when a CRLF injection is detected.
Input Flexibility – Supports single URLs, list files, and stdin/stdout input.

Installation:

Using Go:

go install -v github.com/RevoltSecurities/Crlfix/crlfix@latest

Manual Installation

  1. Clone the repository: 
    git clone https://github.com/RevoltSecurities/Crlfix.git && cd Crlfix
  2. Build the binary: 
    go build -o crlfix
  3. Run the tool: 
    ./crlfix -h

Usage:

crlfix -h


                |    _|  _)  \ \  /
   __|    __|   |   |     |   \  /
  (      |      |   __|   |      \
 \___|  _|     _|  _|    _|   _/\_\


                    - RevoltSecurities
           
[DESCRIPTION]:  An accurate and concurrent CRLF injection scanner


[USAGE]:  

    crlfix [flags]

[FLAGS]:  


    [INPUT]:  

        -u,  --url                      :  Target URL for CRLF injection scan
        -l,  --list                     :  File containing a list of URLs for CRLF injection scan
        stdin/stdout                    :  crlfix also supports stdin/stdout for URL input/output.

    [OUTPUT]:  

        -O,  --save                     :  File to save the results of the scan.

    [CONCURRENCY]:  

        -c,  --concurrency              :  Set concurrency level (default: 10).
        -L,  --rate-limit               :  Specify the rate limit for concurrent requests.

    [OPTIMIZATION]:  

        -T,  --timeout                  :  Maximum timeout for requests (default: 20 seconds).
        -D,  --delay                    :  Delay (in milliseconds) between each request.
        -R,  --random-agent             :  Use random User-Agent headers for requests.

    [CONFIGURATION]:  

        -C,  --config                   :  Path to the custom configuration file of crlfix.
        -H,  --headers                  :  Headers to include in the HTTP requests (e.g., -H cookie:values, -H X-Orgin-Host:127.0.0.1).

    [NETWORK]:  

        -p,  --proxy                    :  Proxy URL for requests.
        -r,  --follow-redirect          :  Follow HTTP redirections (default: false).
        -M,  --max-redirect             :  Maximum number of redirects to follow (default: 20).

    [NOTIFICATIONS]:  

        -N,  --notify                   :  Enable notifications if CRLF injection is found.
    
    [DEBUGGING]:  

        -v,  --verbose                  :  Print errors and reasons for failed requests and other informations.
        -s,  --silent                   :  Disable banner and version logging.

Basic Scan

Scan a single URL for CRLF injection:

crlfix -u https://example.com

Scanning Multiple URLs

Provide a file containing multiple URLs:

crlfix -l urls.txt

Using stdin/stdout

cat urls.txt | crlfix

Adjusting Concurrency

crlfix -u https://example.com -c 20

Using Proxy

crlfix -u https://example.com -p http://127.0.0.1:8080

Custom Headers

crlfix -u https://example.com -H "X-Forwarded-For: 127.0.0.1"

Saving Output

crlfix -u https://example.com -O results.txt

Security

Crlfix is built for ethical hacking and security testing. It is designed to not cause harm and should only be used with proper authorization. The tool does not exploit vulnerabilities but identifies potential risks for remediation.

License

Crlfix is open-source and released under the MIT License.

About:

The Crlfix is a cutting-edge CRLF injection vulnerability scanner developed by RevoltSecurities to empower Security Researchers and Penetration Testers. Designed for speed, accuracy, and efficiency, Crlfix automates the detection of CRLF injection vulnerabilities, making security assessments more effective. Released under the MIT License, it reflects our commitment to fostering innovation and collaboration within the open-source community.

At RevoltSecurities, we strive to equip researchers with advanced automation tools that simplify complex security testing, enabling professionals to focus on securing modern web applications and infrastructures.

RevoltSecurities

View profile

View on GitHub
GitHub Stars22
CategoryDevelopment
Updated8d ago
Forks3
RevoltSecurities/Crlfix

Languages

Go

Security Score

85/100

Audited on Apr 1, 2026

No findings