This is a complete list of vulnerability checks performed by Syhunt Hybrid 6.
Coverage Type
- Fault Injection (Parameter Tampering & Form Field Manipulation) is performed during this check.
- Black Box (Dynamic Scan) - Supports any web server platform.
- White Box (Source Code Scan) - Supports ASP, ASP.NET, Java / JSP, Lua, Perl, PHP & Python.
| Class | Coverage Type | CWE |
|---|---|---|
| Command Execution | | 78 |
| Cross-Site Scripting (XSS) | | 79 |
| - Filter Evasion/Weak Validation | | |
| File Inclusion | | 98 |
| - Local File Inclusion | | |
| - Remote File Inclusion | | |
| NoSQL Injection | | |
| - MongoDB | | |
| SQL Injection (Error-Based & Blind) | | 89 |
| - Access | | |
| - DB2 | | |
| - dbx | | |
| - Firebird/InterBase | | |
| - FrontBase | | |
| - Informix | | |
| - Ingres | | |
| - MaxDB | | |
| - mSQL | | |
| - MySQL | | |
| - Oracle | | |
| - Ovrimos | | |
| - PostgreSQL | | |
| - SQL Server | | |
| - SQLite | | |
| - Swish | | |
| - Sybase | | |
| - Others | | |
| Unvalidated Redirects | | 601 |
| Arbitrary File Manipulation | | 73 |
| Buffer Overflow | | 120 |
| Cookie Manipulation | | |
| Common Exposures | | |
| - Dangerous Methods | | 749 |
| - Default Content | | 276 |
| - Internal IP Address Disclosure | | 200 |
| CRLF Injection | | 93 |
| Cross Frame Scripting | | 352 |
| Default Account | | 276 |
| Denial-of-Service | | 730 |
| Directory Listing | | 548 |
| Directory Traversal | | 22 |
| Email Form Hijacking | | |
| HTTP Response Splitting | | 113 |
| Information Disclosure | | 200 |
| LDAP Injection | | 90 |
| MX Injection | | |
| Old/Backup Files | | 530 |
| - Common Backup Files | | |
| - Common Backup Folders | | |
| Password Disclosure | | 311 |
| Path Disclosure | | 211 |
| PHP Code Injection | | 94 |
| Server-Side JavaScript Injection | | |
| Server-Specific Vulnerabilities | | |
| - IIS, iPlanet & Others | | |
| Source Code Disclosure | | 540 |
| Suspicious HTML Comments | | |
| Unencrypted Login | | 319 |
| Web-Based Backdoors | | |
| XPath Injection | | 91 |
Top Vulnerabilities
The Syhunt scanner software allows organizations to scan web servers and web applications for the top vulnerabilities, as listed and described in the OWASP documents and in other industry documents (such as the SANS Top 20):
- OWASP Top 10
- OWASP PHP Top 5
- CWE/SANS Top 25
- WASC Threat Classification
Additional Checks
Some additional checks (not considered vulnerability classes and not listed above) include:
- Structure Brute Force
  - Admin Pages
  - Common Files and Folders
  - Common Vulnerable Scripts (ASP, ASP .Net, PHP, JSP & Perl)
  - Database Disclosure
- Key Areas Identification (in source code)
  - Key HTML Tags
  - Key AJAX / JavaScript
  - Entry Points - User Input
  - Entry Points - Indirect User Input
  - Interesting Keywords
- Configuration Hardening (Apache & PHP)
- Classic CGI & server checks
  - Common Server Vulnerabilities
  - IDS Testing
  - Outdated Server Software
Page last modified on May 17, 2018, at 04:49 PM