CRLFsuite - CRLF injection scanner


The project is no longer maintained by its developers.

CRLFsuite is a powerful tool for CRLF injection detection and exploitation. Want to know how it works? Here's how.


You can install CRLFsuite using pip as given below:

pip3 install crlfsuite

or download this repository and run the following command:

sudo python3 setup.py install


  • Single URL scanning

  • Multiple URL scanning

  • Stdin supported

  • WAF detection

  • Powerful payload generator

  • CRLF Injection to XSS Chaining feature

  • GET & POST method supported

  • Concurrency

  • Fast and efficient scanning with negligible false positives

Newly added in v2.5.1:

  • JSON & text output supported

  • Multiple headers supported

  • Verbose output supported

  • Scan can be resumed after CTRL^C is pressed

  • Added heuristic (basic) scanner

  • Compatibility with Windows