SyHybridCS is the console version of the Syhunt Hybrid scanner and is included with the latest release of Syhunt.
Just run the program, which is located in the installation directory of Syhunt Hybrid, with no parameters to see usage instructions. This page also contains specific information about the SyHybridCS command-line utility.
- Installation
- Usage
- FAQs
Installation
Download Information
SyHybridCS.exe is included with the latest release of Syhunt. It is located in the installation directory of the suite.
Please note that this version is only available for registered users.
System Requirements
- 512 MB of memory
- 500 MB of free disk space
- Internet connection (optional for dynamic scanning)
- Windows XP, 2003, 2008, Vista, 7, 8 or 10.
Usage
Supported Commands (Version 5.0)
Note: If you are using Syhunt Mini (the free edition of SyHybridCS), some options listed on this page may not be available to you.
Usage: SyHybridCS [target] [optional params]

Examples:
    SyHybridCS www.somehost.com
    SyHybridCS www.somehost.com:8080
    SyHybridCS -hl:Hosts.lst
(if a port is not specified, 80 will be assigned.)

Optional parameters:
-sn:[session name]    (if not used, "[unixtime]-[target]" will be assigned)
-hm:[method name]     Hunt Method (if not used, "compndos" will be assigned
    Available Methods:
    appscan (or as)      Web Application Scan; Gray Box
    structbf (or sbf)    Web Structure Brute Force; Black Box
    codescan (or cs)     Source Code Scan; White Box
    phptop5              OWASP PHP Top 5; Gray Box
    faultinj (or fi)     Fault Injection; Gray Box
    sqlinj (or sqli)     SQL & NoSQL Injection; Gray Box
    xss                  Cross-Site Scripting; Gray Box
    servscan (or ss)     Common Web Server Scan; Black Box
    top20 (or t20)       SANS Top 20; Black Box
    spider (or spd)      Spider Only
    complete (or cmp)    Complete Scan; Gray Box
    compnodos (or cnd)   Complete Scan, No DoS; Gray Box
    comppnoid (or cpn)   Complete Scan, Paranoid; Gray box
-emu:[browser name]   Browser Emulation Mode (default: msie)
    Available Modes:
    chrome (or c)        Google Chrome
    firefox (or ff)      Mozilla Firefox
    msie (or ie)         Internet Explorer
    opera (or o)         Opera
    safari (or s)        Safari
-gr                   Generates a report after scanning
-rtpl:[name]          Sets the report template (default: Standard)
    Available Templates: Standard, Compliance, Complete
-rout:[filename]      Sets the report output filename and format (default: Report_[session name].html)
    Available Formats: html, pdf, doc, rtf, txt, xml
-hl:[filename]        Loads the target hosts from a text file
-hmax:[n]             Sets the maximum number of host threads (default: 10)
-hseq                 Enables the sequential host scan mode (disables multi-threaded host scans)
-surl:[path]          Sets a Start URL (eg. /index.php, if not used "/" will be assigned)
-uf                   Ultra fast scan
-mnt:[n]              Sets the maximum number of HTTP threads/requests (default: 14, 4 when -hl is used)
-mnl:[n]              Sets the maximum number of links per server (default: 10000)
-mnr:[n]              Sets the maximum number of retries (default: 2)
-maxdepth:[n]         Sets the maximum crawling depth (default: unlimited)
-tmo:[ms]             Sets the timeout time (default: 8000)
-bb                   Enables the Sandcat WebDiver Browser Bot (Beta)
-def                  Loads the default settings (ignores the settings from the current Syhunt installation)
-rls                  Remembers the last web structure of the scanned host
-ver:[v]              Sets the HTTP Version (default: 1.1)
-srcdir:[local dir]   Sets a Target Code Folder (eg. "C:\www\docs\")
-srcfile:[filename]   Sets a Target Code File
-evid                 Enables the IDS Evasion
-evaf                 Enables the WAF Evasion

Other parameters:
-nomt                 Disables multi-threaded requests
-nomc                 Disables multi-core support
-nort                 Disables request retries (in case of timeout)
-nojs                 Disables JavaScript emulation and execution
-noea                 Disables e-mail alerts
-nogz                 Disables GZIP compression support
-noka                 Disables Keep-Alive
-nodos                Disables Denial-of-Service tests
-noifa                Disables input filtering analysis during code scan
-noaxf                Disables advanced XSS false positive filters
-user:[username]      Sets a username for basic server authentication
-pass:[password]      Sets a password for basic server authentication
-wuser:[username]     Sets a username for web form authentication
-wpass:[password]     Sets a password for web form authentication
-clses                Clears all Syhunt sessions from the current Syhunt installation (asks confirmation)
-about                Displays information on the current version of Syhunt
-help (or /?)         Displays this list
For detailed information about scan methods, see the Hunt Methods page.
Scanning IPv6 addresses
SyHybridCS fully supports the scanning of IPv6 addresses. To scan an IPv6 target, enclose the address in square brackets, eg:
SyHybridCS [2001:4860:0:2001::68]
Black Box (Dynamic Scan)
- Using the command prompt, go to the directory where Syhunt Hybrid is installed.
- Use the following command-line:
SyHybridCS [targethost] -sn:[a sessionname] -hm:[a huntmethod] -gr
Example:
SyHybridCS localhost -sn:Example -hm:complete -gr
White Box (Source Code Scan)
- Using the command prompt, go to the directory where Syhunt is installed.
- Example command-line:
SyHybridCS localhost -sn:Scan1 -hm:codescan -srcdir:"C:\WWW\Docs\" -gr
Note: you still need to specify a target host, but no remote connections will be opened. If you specify a hunt method other than Source Code Scan (codescan), you will be performing a gray or black box test and remote connections will be made.
Gray Box (Dynamic + Code Scan)
- Using the command prompt, go to the directory where Syhunt Hybrid is installed.
- Use the following command-line:
SyHybridCS [targethost] -sn:[a sessionname] -hm:[a huntmethod] -srcdir:"[SourceDir]" -gr
Example:
SyHybridCS localhost -sn:Example -hm:complete -srcdir:"C:\WWW\Docs\" -gr
Note: if you already entered the source code directory for the target host using the Syhunt Hybrid GUI in a past scan, it is not necessary to assign it again using the -srcdir parameter.
Threads
SyHybridCS now supports multi-process and multi-threaded host scans. Learn below how to use this functionality.
Multi-Threaded Scans
To perform a multi-threaded host scan, use the -hl parameter. Examples:
SyHybridCS -hl:Hosts.lst
SyHybridCS -hl:Hosts.lst -hm:xss -sn:AnyName
Host list files must have one target host per line. Example:
www.host1.com
www.host2.com
www.host3.com:8080
www.host4.com:443
Optional: The -hmax parameter sets the maximum number of host threads (default is 10). Example:
SyHybridCS -hl:Hosts.lst -hmax:5
In this example, up to 5 hosts are scanned at the same time; any remaining hosts wait in a queue.
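A pre-flight check for a host list before it is passed to -hl, written in Python as an added example (it is not part of Syhunt or of the original page). It parses each line using the target syntax described above (host, host:port, bracketed IPv6, default port 80), rejects malformed lines, and keeps only hosts that appear in an authorised scope. The function names, the scope set, and the acceptance of "[addr]:port" are assumptions of this example.

```python
import ipaddress
import re

DEFAULT_PORT = 80  # usage text: "if a port is not specified, 80 will be assigned"
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"^{LABEL}(\.{LABEL})*$")

def parse_target(line):
    """Return (host, port) for one host-list line, or raise ValueError."""
    text = line.strip()
    if text.startswith("["):  # IPv6 targets must be enclosed in square brackets
        addr, closed, rest = text[1:].partition("]")
        if not closed or (rest and not rest.startswith(":")):
            raise ValueError("malformed bracketed IPv6 target")
        host = str(ipaddress.IPv6Address(addr))  # ValueError if not valid IPv6
        port_text = rest[1:]  # assumption: "[addr]:port" is accepted like host:port
    else:
        host, _, port_text = text.partition(":")
        if ":" in port_text:
            raise ValueError("IPv6 address is not enclosed in square brackets")
        if not HOSTNAME_RE.match(host):
            raise ValueError("not a valid host name or IPv4 address")
    if port_text and not port_text.isdigit():
        raise ValueError("port is not numeric")
    port = int(port_text) if port_text else DEFAULT_PORT
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return host.lower(), port

def preflight(lines, authorized):
    """Split host-list lines into (approved, rejected) against an authorised scope."""
    approved, rejected = [], []
    for number, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        try:
            target = parse_target(raw)
        except ValueError as exc:
            rejected.append((number, raw.strip(), str(exc)))
            continue
        if target[0] not in authorized:
            rejected.append((number, raw.strip(), "host is outside the authorised scope"))
        elif target not in approved:  # drop duplicates such as host and host:80
            approved.append(target)
    return approved, rejected

# Constructed sample input, reusing the host names from the page's examples.
SAMPLE = ["www.host1.com", "www.host3.com:8080", "www.host4.com:443",
          "[2001:4860:0:2001::68]", "2001:4860:0:2001::68", "www.host1.com:80"]
SCOPE = {"www.host1.com", "www.host3.com", "2001:4860:0:2001::68"}
APPROVED, REJECTED = preflight(SAMPLE, SCOPE)
```

Rejected entries carry the line number and reason, so the list can be corrected before the scan is started.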
Sequential Scans
The -hseq parameter enables the sequential host scan mode (disables multi-threaded host scans).
Reports
SyHybridCS reports are automatically generated and saved if the -gr parameter is provided.
You can also open the session by launching Syhunt Hybrid and using the Menu -> Past Sessions option.
FAQs
What is the correct command line syntax to do a code scan?
Q: I'm using SyHybridCS -hm:cs -srcdir:"C:\Inetpub\wwwroot\aaa" to do code scan, but it is not working. What is the correct command line syntax to do a code scan?
It is still necessary to provide a host address as reference (no connections to the target host will be made). Example:
SyHybridCS.exe 127.0.0.1 -hm:cs -srcdir:"C:\Inetpub\wwwroot\aaa"