CRLFuzz vs Nuclei
GitHub Stats
About CRLFuzz
CRLFuzz is a fast tool to scan CRLF (Carriage Return Line Feed) injection vulnerabilities, written in Go. CRLF injection occurs when an attacker can inject \r\n characters into HTTP headers, potentially leading to HTTP response splitting, cache poisoning, cross-site scripting, and session fixation. CRLFuzz tests URLs by injecting CRLF payloads into various positions (query parameters, path, headers) and detecting whether the injected characters appear in the HTTP response headers. It supports reading URLs from stdin (integrating seamlessly with tools like httpx, waybackurls, and gau), concurrent scanning with configurable threads, custom payloads, and output in multiple formats. CRLFuzz is a focused, single-purpose scanner that does one thing well - finding CRLF injection - making it a reliable component in automated vulnerability scanning pipelines.
About Nuclei
Nuclei is a fast, customizable vulnerability scanner based on YAML templates. It allows scanning for vulnerabilities, misconfigurations, exposed panels, and more across multiple protocols including HTTP, DNS, TCP, SSL, and JavaScript. The community maintains thousands of detection templates covering CVEs, default credentials, exposed APIs, and technology fingerprints. Nuclei's template system makes it easy to write custom checks and share them with the community.
Platform Support
Tags
CRLFuzz only
Nuclei only