Find CRLF injection vulnerable endpoints


Using Go

▶ go install

From git clone

▶ git clone
▶ cd Frizz
▶ go build frizz.go
▶ chmod +x frizz
▶ ./frizz -h


Basically, you specify the header value you are trying to inject via CRLF with -payload.

Note: the URL needs a protocol (http or https).

Stdin – Single URL and from list

$ echo "" | frizz -payload "crlf=injection"

$ cat targets.txt | frizz -payload "crlf=injection"

Adding Headers

$ echo "" | frizz -payload "crlf=injection" -H "Customheader1: value1;cheader2: value2"

Using Proxy

$ cat targets | frizz -payload "crlf=injection" --proxy "http://yourproxy"

$ cat list.txt | frizz -payload "crlf=injection" --only-poc
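
What a confirmed finding looks like on the wire, and the server-side check that removes it, as an added example that is not Frizz's own code. It assumes the payload "crlf=injection" means header name "crlf" with value "injection"; the function names and the sample redirect targets are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"strings"
)

// buildRedirect hand-writes a 302 response the way a vulnerable app or proxy
// might: the user-controlled target is copied into Location unchecked.
func buildRedirect(target string) string {
	return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\nContent-Length: 0\r\n\r\n"
}

// buildRedirectSafe refuses any target containing CR or LF, so the value can
// never terminate the Location line and start a new header.
func buildRedirectSafe(target string) (string, error) {
	if strings.ContainsAny(target, "\r\n") {
		return "", fmt.Errorf("CR/LF in redirect target")
	}
	return buildRedirect(target), nil
}

// markerInjected parses a raw response and reports whether the marker arrived
// as its own header (a real finding) rather than as text inside another value.
func markerInjected(raw, name, value string) bool {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	return resp.Header.Get(name) == value
}

func main() {
	// Constructed inputs: one decoded parameter carrying CR/LF, one where the
	// marker text is only reflected inside the Location value.
	// Assumption: marker header name "crlf", value "injection".
	split := "/home\r\ncrlf: injection"
	reflected := "/home?crlf=injection"

	fmt.Println(markerInjected(buildRedirect(split), "crlf", "injection"))     // true
	fmt.Println(markerInjected(buildRedirect(reflected), "crlf", "injection")) // false
	_, err := buildRedirectSafe(split)
	fmt.Println(err != nil) // true
}
```

Go's net/http server already neutralises CR/LF in header values it writes; the unsafe builder stands in for hand-rolled response code or other stacks that do not.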

Check out some of my other programs

Nilo – Checks if URL has status 200

AiriXSS – Looking for xss reflected

Jeeves – Time based blind Injection Scanner

This project is for educational and bug bounty purposes only! I do not support any illegal activities!

If there is any error in the program, talk to me immediately.

