CRLFuzz vs XSStrike
GitHub Stats
About CRLFuzz
CRLFuzz is a fast tool to scan CRLF (Carriage Return Line Feed) injection vulnerabilities, written in Go. CRLF injection occurs when an attacker can inject \r\n characters into HTTP headers, potentially leading to HTTP response splitting, cache poisoning, cross-site scripting, and session fixation. CRLFuzz tests URLs by injecting CRLF payloads into various positions (query parameters, path, headers) and detecting whether the injected characters appear in the HTTP response headers. It supports reading URLs from stdin (integrating seamlessly with tools like httpx, waybackurls, and gau), concurrent scanning with configurable threads, custom payloads, and output in multiple formats. CRLFuzz is a focused, single-purpose scanner that does one thing well - finding CRLF injection - making it a reliable component in automated vulnerability scanning pipelines.
About XSStrike
XSStrike is an advanced cross-site scripting (XSS) detection suite that includes a powerful fuzzing engine, context analysis, and WAF detection/bypass capabilities. It automates the process of identifying XSS vulnerabilities by analyzing various contexts and injection points. Written in Python, XSStrike is a go-to tool for security testers looking to identify and exploit XSS vulnerabilities in web applications.
Platform Support
Tags
CRLFuzz only
XSStrike only