Syhunt Dynamic: Getting Started

The information in this document applies to version 6.5 of Syhunt Dynamic.

How to perform a dynamic scan

While performing a standard, dynamic scan (also known as black box) the Syhunt scanner injects data in the web applications and subsequently analyzes the application response in order to determine if the application code is vulnerable to specific web application security attacks.

Main Supported Languages

ASP (Classic)
Java / JSP

Follow along with this guide to learn how to perform a dynamic scan and generate a vulnerability report.

This software should be used only by system administrators (or other people in charge). It should not be used to scan web sites outside of your direct control. Read Terms

  1. Launch Syhunt Hybrid and click the Syhunt Dynamic icon or New Scan button in the welcome page.

  2. Enter the URL of the website you want to scan.

  3. Select a scan method. We recommend the Application Scan (Default) method, which scans for all vulnerabilities using the recommended settings - the different methods are explained in the Hunt Methods document.
  4. Check edit site preferences.
  5. Click the Start Scan button. On the next screen, go to the Technologies tab and select the technologies used by the target website. You can also use this screen to change additional preferences associated with the website. Review the settings and then click OK to start the scan.

In the end of the scan, you can click Generate a Report to save the results as a HTML report or any other prefered format.

The next time you perform a scan (unless you want to change site preferences again) you can jump from the step 3 to 5.

How to perform manual login via browser

If you need to manually login first before you can scan a website, you may prefer to start the scan from within the Sandcat Browser.

  1. Launch Syhunt Hybrid and double-click the Sandcat Browser icon or New Tab button in the welcome page.

  2. Navigate to the website you want to scan - enter the target URL using the address bar and press Enter.
  3. Go to the Login area and login using your credentials.
  4. Click the Scan This Site menu option to start the scan.

How to perform a dynamic scan via command-line

  1. Go to the directory Syhunt Hybrid is installed using the command prompt.
  2. Use the following command-line:
 Scanurl [starturl] -hm:[a huntmethod]] -gr

 Scanurl -hm:appscan -gr

Syhunt ScanURL tool reports are automatically generated and saved if the -gr parameter is provided. You can also open the session by launching Syhunt and using the Menu -> Past Sessions option.

Scanning IPv6 addresses

Syhunt Dynamic fully supports the scanning of IPv6 addresses. To scan an IPv6 target, remember to enclose the address in square brackets, eg:


The Scanurl tool also supports IPv6 addresses.

Using Client Certificates

SSL support in Syhunt Dynamic relies on two Dynamic Link Library (DLL) files (SSLeay32.dll''' and libeay32.dll) developed by the OpenSSL Project. When these two DLL files are present then SSL support is available, which means that you can scan secure sites with https addresses.

The Site Preferences screen allows you to configure the client certificates. To view this screen, navigate to the website you want to scan, click the scan button -> Site Preferences and go to Certificates tab.

Basic FAQs

How many time Syhunt Dynamic will take to run all the tests?
Duration depends on the number of pages and applications your website contains and the scan method you selected. The web application checks (after the crawling stage) is usually the part of the scan that can take more time and depends on the size of the target site.

Can I load a previous scan session and re-run reports again?
Yes, select the Past Sessions option from the Menu. The Session Manager screen will open. Click Generate Report for the session you want and you will see the session results and the options to export data and generate reports.

Is there a list of tests that are conducted using the updated version of Syhunt?
You can get an idea of the tests by clicking the Menu -> Help, and then select Vulnerability List.

Do any of the tests crash the tested host?
As far as crashing the host - there are denial of service checks which may crash the tested host - you can turn those off when scanning though.

Does Syhunt Dynamic have any problems with personal firewalls?
Yes, you'll just have to let the firewall know that Syhunt is authorized to make connections to the Internet. However, some software firewalls do not handle high loads very well. It is not recommended to run both a personal firewall and Syhunt on the same machine.

If you're running a PC firewall on the scanning system that does outbound filtering, try disabling it - we've occassionally seen firewalls automatically block a program's socket calls without first prompting the user as to whether or not it should be allowed to make connections.

Is there any way to scan ports 23 (telnet) and 21 (ftp)?
No, Syhunt Dynamic is not a general purpose security scanner, it is specialized for evaluating web applications.

System Requirements

Syhunt Hybrid, Dynamic and Code

  1. 2GB of available RAM (4GB recommended)
  2. 1GB of free disk space*
  3. Internet connection (optional for dynamic scans and some features)
  4. Windows 7, 8 or 10
  5. Internet Explorer 11 or higher

* This does not include the space required to save scan session data, which varies depending on the target website or code base size.

If you use a personal firewall, you'll just have to let the firewall know that Syhunt Dynamic is authorized to make connections to the Internet. However, some software firewalls do not handle high loads very well. It is not recommended to run both a personal firewall and Syhunt on the same machine.

For additional product documentation, visit