SyMiniCS (formerly SandcatCS) is the console version of the Syhunt scanner and is included with the latest release of Syhunt Dynamic, Code or Hybrid.
Just run the program, which is located in the installation directory of the Syhunt Suite, with no parameters to see usage instructions. This page also contains specific information about the SyMiniCS command-line utility.
- Installation
- Usage
- FAQs
Installation
Download Information
SyMiniCS.exe is included with the latest release of Syhunt Suite. It is located in the installation directory of the suite.
Syhunt Suite is available for download at: http://www.syhunt.com/?n=Members.Downloads.
Please note that this version is only available for registered users.
System Requirements
- 512 MB of memory
- 200 MB of free disk space
- Internet connection (optional for remote scanning)
- Windows XP, 2003, 2008, Vista or 7.
- As a user of a more recent Windows version you may need to be logged in with full administration rights
Usage
Supported Commands (Version 4.5)
Note: If you are using Syhunt Mini (the free edition of SyMiniCS), some options listed on this page may not be available to you.
Usage: SyMiniCS [target] [optional params] Examples: SyMiniCS www.somehost.com SyMiniCS www.somehost.com:8080 SyMiniCS -hl:Hosts.lst (if a port is not specified, 80 will be assigned.) Optional parameters: -sn:[session name] (if not used, "[unixtime]-[target]" will be assigned) -hm:[method name] Hunt Method (if not used, "compndos" will be assigned Available Methods: appscan (or as) Web Application Scan; Gray Box structbf (or sbf) Web Structure Brute Force; Black Box codescan (or cs) Source Code Scan; White Box phptop5 OWASP PHP Top 5; Gray Box faultinj (or fi) Fault Injection; Gray Box sqlinj (or sqli) SQL & NoSQL Injection; Gray Box xss Cross-Site Scripting; Gray Box servscan (or ss) Common Web Server Scan; Black Box top20 (or t20) SANS Top 20; Black Box spider (or spd) Spider Only complete (or cmp) Complete Scan; Gray Box compnodos (or cnd) Complete Scan, No DoS; Gray Box comppnoid (or cpn) Complete Scan, Paranoid; Gray box -emu:[browser name] Browser Emulation Mode (default: msie) Available Modes: chrome (or c) Google Chrome firefox (or ff) Mozilla Firefox msie (or ie) Internet Explorer opera (or o) Opera safari (or s) Safari -gr Generates a report after scanning -rtpl:[name] Sets the report template (default: Standard) Available Templates: Standard, Compliance, Complete -rout:[filename] Sets the report output filename and format (default: Report_[session name].html) Available Formats: html, pdf, doc, rtf, txt, xml -hl:[filename] Loads the target hosts from a text file -hmax:[n] Sets the maximum number of host threads (default: 10) -hseq Enables the sequential host scan mode (disables multi-threaded host scans) -surl:[path] Sets a Start URL (eg. /index.php, if not used "/" will be assigned) -uf Ultra fast scan -mnt:[n] Sets the maximum number of HTTP threads/requests (default: 14, 4 when -hl is used) -mnl:[n] Sets the maximum number of links per server (default: 10000) -mnr:[n] Sets the maximum number of retries (default: 2) -maxdepth:[n] Sets the maximum crawling depth (default: unlimited) -tmo:[ms] Sets the timeout time (default: 8000) -bb Enables the Sandcat WebDiver Browser Bot (Beta) -def Loads the default settings (ignores the settings from the current Syhunt installation) -rls Remembers the last web structure of the scanned host -ver:[v] Sets the HTTP Version (default: 1.1) -srcdir:[local dir] Sets a Target Code Folder (eg. "C:\www\docs\") -evid Enables the IDS Evasion -evaf Enables the WAF Evasion Other parameters: -nomt Disables multi-threaded requests -nomc Disables multi-core support -nort Disables request retries (in case of timeout) -nojs Disables JavaScript emulation and execution -noea Disables e-mail alerts -nojava Disables Java -noplg Disables plugins (such as Flash and Silverlight) -nogz Disables GZIP compression support -noka Disables Keep-Alive -nodos Disables Denial-of-Service tests -noifa Disables input filtering analysis during code scan -noaxf Disables advanced XSS false positive filters -user:[username] Sets a username for basic server authentication -pass:[password] Sets a password for basic server authentication -wuser:[username] Sets a username for web form authentication -wpass:[password] Sets a password for web form authentication -clses Clears all Syhunt sessions from the current Syhunt installation (asks confirmation) -about Displays information on the current version of Syhunt -help (or /?) Displays this list
For detailed information about scan methods, see the Hunt Methods page.
Scanning IPv6 addresses
SyMiniCS fully supports the scanning of IPv6 addresses. To scan an IPv6 target, enclose the address in square brackets, eg:
SyMiniCS [2001:4860:0:2001::68]
Threads
SyMiniCS now supports multi-process and multi-threaded host scans. Learn below how to use this functionality.
Multi-Threaded Scans
In order to perform a multi-threaded host scan you need to use the -hl parameter. Examples:
SyMiniCS -hl:Hosts.lst SyMiniCS -hl:Hosts.lst -hm:xss -sn:AnyName
Host list files must have one target host per line. Example:
www.host1.com www.host2.com www.host3.com:8080 www.host4.com:443
Optional: The -hmax parameter allows to set the maximum number of host threads (default is 10). Example:
SyMiniCS -hl:Hosts.lst -hmax:5
In this example, 5 hosts will be scanned, hosts in excess will be on queue
Sequential Scans
The -hseq parameter enables the sequential host scan mode (disables multi-threaded host scans).
Session Management
Syhunt Suite includes a new utility (SesmanCS.exe) to pause/unpause, list and stop SyMiniCS sessions. The supported commands are listed below.
Supported Commands
Usage Examples: SesmanCS -pa SesmanCS -p:CustomerX Available parameters: -p:[session name] Pauses a session -u:[session name] Unpauses a session -s:[session name] Stops a session -lai Lists all sessions (active and inactive) -la Lists active sessions -pa Pauses active sessions -ua Unpauses active sessions -sa Stops active sessions -help (or /?) Displays this list
Reports
SyMiniCS reports are automatically generated and saved if the -gr parameter is provided.
You can also open the session with the main Syhunt Suite UI by calling:
SySuite.exe -s:[session name]
Or by launching Syhunt Suite, and using the menu File -> Load session... option.
FAQs
What is the correct command line syntax to do a code scan?
Q: I'm using SyMiniCS -hm:cs -srcdir:"C:\Inetpub\wwwroot\aaa" to do code scan, but it is not working. What is the correct command line syntax to do a code scan?
It is still necessary to provide a host address as reference (no connections to the target host will be made). Example:
SyMiniCS.exe 127.0.0.1 -hm:cs -srcdir:"C:\Inetpub\wwwroot\aaa"