From Syhunt Web Application Security Docs

SyhuntHybrid5: HuntMethods

Differences between Hunt Methods

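| Hunt Method | Type | Brute | Injection | DoS | Time-Con. | Target | Triple Chk. |
|---|---|---|---|---|---|---|---|
| Complete Scan, Paranoid | | Y (Deep) | Y | Y | Y (Very) | E | Y |
| Complete Scan | | Y | Y | Y | Y | E | N |
| Complete Scan, No DoS | | Y | Y | N | Y | E | N |
| Web Application Scan | | N | Y | P(***) | N | A,AS,SS | N |
| Web Structure Brute Force | | Y (Deep) | N | N | Y (Very) | SS | N |
| Source Code Scan | | N | N | N | N | AS | N |
| Fault Injection | | N | Y | P(***) | N | A,AS,SS | N |
| Cross-Site Scripting | | N | P (XSS) | N | N | A,AS,SS | N |
| Common Web Server Scan | | P(**) | N | Y | N | SW,SR | N |
| Spider Only | | N | N | N | N | SS | N |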

Letters: Yes/No/Partial (Y/N/P)
(*) PHP Top 5 scan will only scan for Remote Command Execution, XSS, SQL Injection and File Inclusion flaws
(**) Brute Force will target mainly the root of the web site
(***) Restricted to Buffer Overflows only

Type of Testing



A Yes means that the number of checks will be influenced by the number of directories found during the spidering stage.

Triple Checking

Applies to case-sensitive servers. If enabled, Syhunt will try all file name case possibilities (all uppercase, all lowercase, all leading capitals, etc.).


The Complete Scan (No DoS) method is the default scan method in Syhunt. All available scan methods are described below. If you want to use a different scan method, click the Hunt Method button in the standard toolbar. You will be able to select one of the following options:

Common Web Server Scan

Scans for outdated server software and for common web server vulnerabilities and exposures. This scan method does not crawl the web site; it looks for vulnerabilities in much the same way as classic (CGI) scanners.

SANS Top 20

Scans specifically for the SANS Top Twenty List of Critical Network Vulnerabilities.

Web Application Scan

Identifies flaws in custom web applications. This scan method crawls the web site and performs attacks against the web site structure and the web applications. This includes looking for fault injection vulnerabilities such as XSS, SQL Injection, File Inclusion, and more.

Web Structure Brute Force

A structure brute force will check for:

The number of checks is influenced by the number of directories found during the spidering stage.


PHP Top 5

Scans specifically for the OWASP Top Five List of PHP Vulnerabilities.

Fault Injection

Scans specifically for fault injection vulnerabilities. If this scan method is selected, all checks that do not require injection are disabled, and Syhunt checks specifically for SQL injection, XSS, file inclusion, and similar flaws.

Cross-Site Scripting (XSS)

Scans specifically for XSS vulnerabilities.

SQL Injection

Scans specifically for SQL & NoSQL Injection vulnerabilities.

Complete Scan

Scans for both common web server vulnerabilities and web application vulnerabilities. This is the combination of the Common Web Server Scan and the Web Application Scan methods plus some additional checks. A Complete Scan can sometimes be very time-consuming when performed against a web server that has a large number of web folders (e.g., 200 or more web folders).

Complete Scan (No DoS)

Same as Complete Scan, but with denial-of-service tests disabled.

Complete Scan (Paranoid)

Scans for common web server vulnerabilities, web application vulnerabilities and common vulnerable scripts around the site structure. This scan method can be very time-consuming, especially when executed against large web sites.

Important: Syhunt's web application scan is only activated when one of these scan methods is selected: Web Application Scan, PHP Top 5, Fault Injection, SQL Injection, XSS or Complete Scan. All other scan methods do not include application checks/spidering.

Page last modified on November 02, 2016, at 11:06 AM