CRLFuzz vs Feroxbuster
GitHub Stats
About CRLFuzz
CRLFuzz is a fast tool to scan CRLF (Carriage Return Line Feed) injection vulnerabilities, written in Go. CRLF injection occurs when an attacker can inject \r\n characters into HTTP headers, potentially leading to HTTP response splitting, cache poisoning, cross-site scripting, and session fixation. CRLFuzz tests URLs by injecting CRLF payloads into various positions (query parameters, path, headers) and detecting whether the injected characters appear in the HTTP response headers. It supports reading URLs from stdin (integrating seamlessly with tools like httpx, waybackurls, and gau), concurrent scanning with configurable threads, custom payloads, and output in multiple formats. CRLFuzz is a focused, single-purpose scanner that does one thing well - finding CRLF injection - making it a reliable component in automated vulnerability scanning pipelines.
About Feroxbuster
Feroxbuster is a tool designed to perform forced browsing (directory/file enumeration) and content discovery. It is built in Rust for maximum performance and includes features like automatic recursion, wildcard filtering, output file support, and resume capability. Unlike other brute-forcers, feroxbuster automatically discovers and recurses into new directories as it finds them, building a complete picture of the target's file structure.
Platform Support
Tags
CRLFuzz only
Feroxbuster only