An automated CRLF injection scanner built to speed up testing after large-scale recon or template scans.
I created this tool because after running Nuclei templates, I ended up with 600+ CRLF findings. Manually testing them was time-consuming, so this script automates much of the validation.
- Works with Nuclei output or any general list of URLs.
- Uses custom payloads (crlf.txt) from CoffinXP.
- Supports multiple input files.
- Verbose mode with colored output for better visibility.
- Saves results in both text & JSON summary for later review.
Clone the repo and install dependencies:
git clone https://github.com/Salman-Qurayshi/crlf-scanner.git
cd crlf-scanner
pip install -r requirements.txt --break-system-packages
Scan with a file of URLs
python3 crlf-scanner.py -f targets.txt
Use multiple files
python3 crlf-scanner.py -f nuclei_high.txt nuclei_medium.txt
Enable verbose mode
python3 crlf-scanner.py --files targets.txt --verbose
The only issue I found later was that it generated a lot of results because of the multiple payloads, which ignored the main point of just getting a unique vuln. So for that we can use a regex to get the unique URLs (matching both http and https):
grep -Eo '^\[[A-Z]+\] https?://[^/]*' results_*.txt | sort -u
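As an added example (not the project's own code), a Python sketch of the two checks this README relies on: deciding whether a canary header actually landed as its own header (CRLF interpreted, a true positive) or was merely echoed inside another value (a likely false positive), and collapsing result lines to unique origins the way the grep above does. The canary header name, the sample responses and the result lines are constructed assumptions.

```python
import re

# Assumed marker header name a scanner would try to inject; not from the project.
CANARY_HEADER = "x-crlf-canary"

def classify_response(raw: bytes, canary: str = CANARY_HEADER) -> str:
    """Classify one raw HTTP response for a CRLF-injected canary header.

    "injected"  - canary appears as its own header line: the CR/LF was
                  interpreted by the server, a true positive.
    "reflected" - canary text appears only inside another header's value
                  or the body: input echoed but CR/LF encoded or stripped,
                  so the finding is a likely false positive.
    "clean"     - canary does not appear anywhere.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    needle = canary.lower().encode("latin-1")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(b":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip().lower())
    if needle in headers:
        return "injected"
    if any(needle in v for vals in headers.values() for v in vals) or needle in body.lower():
        return "reflected"
    return "clean"

# Result lines look like "[SEVERITY] <url>"; collapse to one entry per origin,
# matching both http and https.
ORIGIN_RE = re.compile(r"^\[[A-Z]+\] (https?://[^/\s]+)")

def unique_origins(result_lines):
    return {m.group(1) for line in result_lines if (m := ORIGIN_RE.match(line))}

# Constructed sample responses and result lines; not captured from any real host.
INJECTED = (b"HTTP/1.1 302 Found\r\nLocation: /home\r\n"
            b"X-CRLF-Canary: 1\r\nContent-Length: 0\r\n\r\n")
REFLECTED = (b"HTTP/1.1 302 Found\r\nLocation: /home?next=x-crlf-canary:1\r\n"
             b"Content-Length: 0\r\n\r\n")
CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
RESULT_LINES = [
    "[HIGH] http://app.example/login?next=a",
    "[HIGH] http://app.example/login?next=b",
    "[MEDIUM] https://shop.example/redirect?u=c",
]

if __name__ == "__main__":
    for label, resp in (("injected", INJECTED), ("reflected", REFLECTED), ("clean", CLEAN)):
        print(label, "->", classify_response(resp))
    print(sorted(unique_origins(RESULT_LINES)))
```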
Payloads are stored in crlf.txt.
Sourced and adapted from CoffinXP's CRLF payloads.
You can extend or replace the list with your own payloads (use the -p flag).
Results are saved as:
results_.txt → detailed findings.
summary.json → machine-readable summary.
This project is for educational and authorized security testing only. Do not use against systems without explicit permission.
