From Syhunt Web Application Security Docs

SyhuntHybrid5: Dynamic Scan

During a standard dynamic scan (also known as a black-box scan), the Syhunt scanner injects data into the web application and then analyzes the application's responses to determine whether the application code is vulnerable to specific web application security attacks.

Follow along with this guide to learn how to perform a dynamic scan and generate a vulnerability report.

How to perform a dynamic scan

  1. Launch Syhunt Hybrid and double-click the Syhunt Dynamic icon in the welcome page.

  2. Enter the URL of the website you want to scan.

  3. Select a scan method. We recommend the Application Scan (Default) method, which scans for all vulnerabilities using the recommended settings. The different methods are explained in the Hunt Methods section.
  4. Check edit site preferences if you want to change the preferences associated with the website. You may want, for example, to add a logout URL to the exclusion list.
  5. Click the Start Scan button to start the scan. If you checked edit site preferences, review the settings and then click OK to start the scan.

At the end of the scan, you can click Generate a Report to save the results as an HTML report or in any other preferred format.

The next time you perform a scan (unless you want to change site preferences again), you can jump from step 3 to step 5.

Alternate Method: Using the Sandcat Browser

If you prefer, you can launch a scan from within the Sandcat Browser - the end results will be identical to the method explained above.

  1. Launch Syhunt Hybrid and double-click the Sandcat Browser icon in the welcome page.

  2. Navigate to the website you want to scan.
  3. Check the scan preferences associated with the website. You may want, for example, to add a logout URL to the exclusion list (you can do this under the scan button -> Site Preferences). Hit OK to save the settings.
  4. Click the Scan This Site menu option to start the scan.



If you prefer, you can scan for specific vulnerabilities using the Scan for Specific Flaws submenu. The different methods are explained in the Hunt Methods section.

At the end of the scan, you can click Generate a Report to save the results as an HTML report or in any other preferred format.

The next time you perform a scan (unless you want to change site preferences again), you can jump from step 2 to step 4.

Retrieved from http://www.syhunt.com/docwiki/index.php?n=SyhuntHybrid5.BlackBox
Page last modified on October 01, 2016, at 10:40 AM