Vulnerability Checks

This is a complete list of vulnerability checks performed by Syhunt Hybrid 6.

Coverage Type

  • Fault Injection (Parameter Tampering & Form Field Manipulation) is performed during this check.
  • Black Box (Dynamic Scan) - Supports any web server platform.
  • White Box (Source Code Scan) - Supports ASP, ASP.NET, Java / JSP, Lua, Perl, PHP & Python.

Class                                   Coverage Type   CWE
Command Execution                                       78
Cross-Site Scripting (XSS)                              79
Filter Evasion/Weak Validation
File Inclusion                                          98
Local File Inclusion
Remote File Inclusion
NoSQL Injection
MongoDB
SQL Injection (Error-Based & Blind)                     89
Access
DB2
dbx
Firebird/InterBase
FrontBase
Informix
Ingres
MaxDB
mSQL
MySQL
Oracle
Ovrimos
PostgreSQL
SQL Server
SQLite
Swish
Sybase
Others
Unvalidated Redirects                                   601
Arbitrary File Manipulation                             73
Buffer Overflow                                         120
Cookie Manipulation
Common Exposures
Dangerous Methods                                       749
Default Content                                         276
Internal IP Address Disclosure                          200
CRLF Injection                                          93
Cross Frame Scripting                                   352
Default Account                                         276
Denial-of-Service                                       730
Directory Listing                                       548
Directory Traversal                                     22
Email Form Hijacking
HTTP Response Splitting                                 113
Information Disclosure                                  200
LDAP Injection                                          90
MX Injection
Old/Backup Files                                        530
Common Backup Files
Common Backup Folders
Password Disclosure                                     311
Path Disclosure                                         211
PHP Code Injection                                      94
Server-Side JavaScript Injection
Server-Specific Vulnerabilities
IIS, iPlanet & Others
Source Code Disclosure                                  540
Suspicious HTML Comments
Unencrypted Login                                       319
Web-Based Backdoors
XPath Injection                                         91

Top Vulnerabilities

The Syhunt scanner software allows organizations to scan web servers and web applications for the top vulnerabilities, which are often listed and described in OWASP documents and in other documents (such as the SANS Top 20).

  • OWASP Top 10
  • OWASP PHP Top 5
  • CWE/SANS Top 25
  • WASC Threat Classification

Additional Checks

Some additional checks (not considered vulnerability classes and not listed above) include:

  • Structure Brute Force
    • Admin Pages
    • Common Files and Folders
    • Common Vulnerable Scripts (ASP, ASP.NET, PHP, JSP & Perl)
    • Database Disclosure
  • Key Areas Identification (in source code)
    • Key HTML Tags
    • Key AJAX / JavaScript
    • Entry Points - User Input
    • Entry Points - Indirect User Input
    • Interesting Keywords
  • Configuration Hardening (Apache & PHP)
  • Classic CGI & server checks
    • Common Server Vulnerabilities
    • IDS Testing
    • Outdated Server Software
Page last modified on May 17, 2018, at 04:49 PM