Differences between Hunt Methods
| Hunt Method | Type | Brute | Injection | DoS | Time-Con. | Target | Triple Chk. |
|---|---|---|---|---|---|---|---|
| Complete Scan, Paranoid | | Y (Deep) | Y | Y | Y (Very) | E | Y |
| Complete Scan, No DoS | | Y | Y | N | Y | E | N |
| Web Application Scan | | N | Y | P(***) | N | A,AS,SS | N |
| Web Structure Brute Force | | Y (Deep) | N | N | Y (Very) | SS | N |
| Source Code Scan | | N | N | N | N | AS | N |
| OWASP PHP Top 5 | | N | P(*) | N | N | A,AS,SS | N |
| Cross-Site Scripting | | N | P (XSS) | N | N | A,AS,SS | N |
| SQL Injection | | N | P (SQL) | N | N | A,AS,SS | N |
| Common Web Server Scan | | P(**) | N | Y | N | SW,SR | N |
| SANS Top 20 | | N | N | Y | N | SW,SR | N |
Letters: Yes/No/Partial (Y/N/P)
(*) PHP Top 5 scan will only scan for Remote Command Execution, XSS, SQL Injection and File Inclusion flaws
(**) Brute Force will target mainly the root of the web site
(***) Restricted to Buffer Overflows only
Type of Testing
- Gray Box
- White Box
- Black Box
- A - Web Applications
- AS - Web Application's Source
- SS - Entire Site Structure (including Root; Spidering Enabled)
- SR - Site Root (No Spidering, targets mainly the root of the web site)
- SW - Server Software (flaws affecting the HTTPD)
- E - Everything
A Yes means that the number of checks will be influenced by the number of directories found during the spidering stage.
The Complete Scan (No DoS) method is the default scan method in Syhunt. All available scan methods are described below. If you want to use a different scan method, click the Hunt Method button in the standard toolbar. You will be able to select one of the following options:
Common Web Server Scan
Scans for outdated server software, common web server vulnerabilities and exposures. This scan method will not crawl the web site, but looks for vulnerabilities in a very similar way to classic (CGI) scanners.
SANS Top 20
Scans specifically for the SANS Top Twenty List of Critical Network Vulnerabilities.
Web Application Scan
Identifies flaws in custom web applications. This scan method crawls the web site and performs attacks against the web site structure and the web applications. This includes looking for fault injection vulnerabilities such as XSS, SQL Injection, File Inclusion, and more.
Web Structure Brute Force
A structure brute force will check for:
- Common Vulnerable Scripts
- Common File Checks
- Custom File Checks (User File Checks)
- Database Disclosure
- Web-Based Backdoors
The number of checks is influenced by the number of directories found during the spidering stage.
OWASP PHP Top 5
Scans specifically for the OWASP Top Five List of PHP Vulnerabilities.
Fault Injection
Scans specifically for fault injection vulnerabilities. If this scan method is selected, all other checks that do not require injection are disabled and Syhunt will then specifically check for SQL injection, XSS, file inclusion, and similar flaws.
Cross-Site Scripting (XSS)
Scans specifically for XSS vulnerabilities.
SQL Injection
Scans specifically for SQL & NoSQL Injection vulnerabilities.
Complete Scan
Scans for both common web server vulnerabilities and web application vulnerabilities. This is the combination of the common web server scan and the web application scan methods plus some additional checks. A Complete Scan can sometimes be very time-consuming when performed against a web server that has a large quantity of web folders (e.g. 200 or more web folders).
Complete Scan (No DoS)
Same as before, but with denial-of-service tests disabled.
Complete Scan (Paranoid)
Scans for common web server vulnerabilities, web application vulnerabilities, and common vulnerable scripts around the site structure. This scan method can be very time-consuming, especially when executed against large web sites.
Important: Syhunt's web application scan is only activated when one of these scan methods is selected: Web Application Scan, PHP Top 5, Fault Injection, SQL Injection, XSS or Complete Scan. All other scan methods do not include application checks/spidering.