From Syhunt Web Application Security Docs

SyhuntHybrid5: Syhunt HybridCS

SyHybridCS is the console version of the Syhunt Hybrid scanner and is included with the latest release of Syhunt.

Just run the program, which is located in the installation directory of Syhunt Hybrid, with no parameters to see usage instructions. This page also contains specific information about the SyHybridCS command-line utility.

Installation

Download Information

SyHybridCS.exe is included with the latest release of Syhunt. It is located in the installation directory of the suite.

Please note that this version is only available for registered users.

System Requirements

  1. 512 MB of memory
  2. 500 MB of free disk space
  3. Internet connection (optional for remote scanning)
  4. Windows XP, 2003, 2008, Vista, 7, 8 or 10.

Usage

Supported Commands (Version 5.0)

Note: If you are using Syhunt Mini (the free edition of SyHybridCS), some options listed on this page may not be available to you.

Usage: SyHybridCS [target] [optional params]
Examples:
    SyHybridCS www.somehost.com
    SyHybridCS www.somehost.com:8080
    SyHybridCS -hl:Hosts.lst
    (if a port is not specified, 80 will be assigned.)

Optional parameters:
-sn:[session name]  (if not used, "[unixtime]-[target]" will be assigned)
-hm:[method name]   Hunt Method (if not used, "compndos" will be assigned
    Available Methods:
    appscan   (or as)   Web Application Scan; Gray Box
    structbf  (or sbf)  Web Structure Brute Force; Black Box
    codescan  (or cs)   Source Code Scan; White Box
    phptop5             OWASP PHP Top 5; Gray Box
    faultinj  (or fi)   Fault Injection; Gray Box
    sqlinj    (or sqli) SQL & NoSQL Injection; Gray Box
    xss                 Cross-Site Scripting; Gray Box
    servscan  (or ss)   Common Web Server Scan; Black Box
    top20     (or t20)  SANS Top 20; Black Box
    spider    (or spd)  Spider Only
    complete  (or cmp)  Complete Scan; Gray Box
    compnodos (or cnd)  Complete Scan, No DoS; Gray Box
    comppnoid (or cpn)  Complete Scan, Paranoid; Gray box

-emu:[browser name] Browser Emulation Mode (default: msie)
    Available Modes:
    chrome    (or c)    Google Chrome
    firefox   (or ff)   Mozilla Firefox
    msie      (or ie)   Internet Explorer
    opera     (or o)    Opera
    safari    (or s)    Safari

-gr                 Generates a report after scanning
-rtpl:[name]        Sets the report template (default: Standard)
    Available Templates: Standard, Compliance, Complete
-rout:[filename]    Sets the report output filename and format (default: Report_[session name].html)
    Available Formats: html, pdf, doc, rtf, txt, xml

-hl:[filename]      Loads the target hosts from a text file
-hmax:[n]           Sets the maximum number of host threads (default: 10)
-hseq               Enables the sequential host scan mode (disables multi-threaded host scans)

-surl:[path]        Sets a Start URL (eg. /index.php, if not used "/" will be assigned)
-uf                 Ultra fast scan
-mnt:[n]            Sets the maximum number of HTTP threads/requests (default: 14, 4 when -hl is used)
-mnl:[n]            Sets the maximum number of links per server (default: 10000)
-mnr:[n]            Sets the maximum number of retries (default: 2)
-maxdepth:[n]       Sets the maximum crawling depth (default: unlimited)
-tmo:[ms]           Sets the timeout time (default: 8000)
-bb                 Enables the Sandcat WebDiver Browser Bot (Beta)
-def                Loads the default settings (ignores the settings from the current Syhunt installation)
-rls                Remembers the last web structure of the scanned host
-ver:[v]            Sets the HTTP Version (default: 1.1)
-srcdir:[local dir] Sets a Target Code Folder (eg. "C:\www\docs\")
-srcfile:[filename] Sets a Target Code File
-evid               Enables the IDS Evasion
-evaf               Enables the WAF Evasion

Other parameters:
-nomt               Disables multi-threaded requests
-nomc               Disables multi-core support
-nort               Disables request retries (in case of timeout)
-nojs               Disables JavaScript emulation and execution
-noea               Disables e-mail alerts
-nogz               Disables GZIP compression support
-noka               Disables Keep-Alive
-nodos              Disables Denial-of-Service tests
-noifa              Disables input filtering analysis during code scan
-noaxf              Disables advanced XSS false positive filters
-user:[username]    Sets a username for basic server authentication
-pass:[password]    Sets a password for basic server authentication
-wuser:[username]   Sets a username for web form authentication
-wpass:[password]   Sets a password for web form authentication
-clses              Clears all Syhunt sessions from the current Syhunt installation (asks confirmation)
-about              Displays information on the current version of Syhunt
-help (or /?)       Displays this list

For detailed information about scan methods, see the Hunt Methods page.

Scanning IPv6 addresses

SyHybridCS fully supports the scanning of IPv6 addresses. To scan an IPv6 target, enclose the address in square brackets, eg:

SyHybridCS [2001:4860:0:2001::68]

Black Box (Dynamic Scan)

  1. Go to the directory Syhunt Hybrid is installed using the command prompt.
  2. Use the following command-line:
 SyHybridCS [targethost] -sn:[a sessionname] -hm:[a huntmethod]] -gr

 Example:
 SyHybridCS localhost -sn:Example -hm:complete -gr

White Box (Source Code Scan)

  1. Go to the directory Syhunt is installed using the command prompt.
  2. Example command-line:
 SyHybridCS localhost -sn:Scan1 -hm:codescan -srcdir:"C:\WWW\Docs\" -gr

Note: you still need to specify a target host, but no remote connections will be open. If you specify a hunt method other than Source Code Scan (codescan) you will be performing a gray or black box test and remote connections will be made.

Gray Box (Dynamic + Code Scan)

  1. Go to the directory Syhunt Hybrid is installed using the command prompt.
  2. Use the following command-line:
 SyHybridCS [targethost] -sn:[a sessionname] -hm:[a huntmethod]] -srcdir:"[SourceDir]" -gr

 Example:
 SyHybridCS localhost -sn:Example -hm:complete -srcdir:"C:\WWW\Docs\" -gr

Note: if you already entered the source code directory for the target host using the Syhunt Hybrid GUI in a past scan it is not necessary to assign it again using the -srcdir command.

Threads

SyHybridCS now supports multi-process and multi-threaded host scans. Learn below how to use this functionality.

Multi-Threaded Scans

In order to perform a multi-threaded host scan you need to use the -hl parameter. Examples:

 SyHybridCS -hl:Hosts.lst
 SyHybridCS -hl:Hosts.lst -hm:xss -sn:AnyName

Host list files must have one target host per line. Example:

www.host1.com
www.host2.com
www.host3.com:8080
www.host4.com:443

Optional: The -hmax parameter allows to set the maximum number of host threads (default is 10). Example:

 SyHybridCS -hl:Hosts.lst -hmax:5

In this example, 5 hosts will be scanned, hosts in excess will be on queue

Sequential Scans

The -hseq parameter enables the sequential host scan mode (disables multi-threaded host scans).

Reports

SyHybridCS reports are automatically generated and saved if the -gr parameter is provided.

You can also open the session by launching Syhunt Hybrid and using the Menu -> Past Sessions option.

FAQs

What is the correct command line syntax to do a code scan?

Q: I'm using SyHybridCS -hm:cs -srcdir:"C:\Inetpub\wwwroot\aaa" to do code scan, but it is not working. What is the correct command line syntax to do a code scan?

It is still necessary to provide a host address as reference (no connections to the target host will be made). Example:

 SyHybridCS.exe 127.0.0.1 -hm:cs -srcdir:"C:\Inetpub\wwwroot\aaa"
Retrieved from http://www.syhunt.com/docwiki/index.php?n=SyhuntHybrid5.SyMiniCS
Page last modified on June 14, 2016, at 12:36 PM