Syhunt Hybrid: POC Test Plan

The information in this document applies to version 6.6 of Syhunt Hybrid. This test plan was designed for Syhunt Hybrid, the full-featured edition, and not for Syhunt Community: because of the restricted functionality and reduced set of vulnerability checks in Community, some test cases cannot be performed and not all vulnerabilities will be detected.

Introduction

This software test plan is aimed at verifying the functionality, accuracy and correct working of all key aspects and parts of Syhunt Hybrid. The testing is to be conducted at the customer's premises after Syhunt Hybrid has been deployed and activated, and involves performing dynamic and static scans under various conditions to simulate actual usage of the tools. Upon completion, the user should be familiar with key product functionality and Syhunt should be able to collect usability feedback from the user.

Test Categories

Phase 1 - Dynamic Auditing
D1: Scan a live website for vulnerabilities
D2: Manually login via browser and scan a restricted website for vulnerabilities
D3: Automatically login and scan a restricted website for vulnerabilities
D4: Just map a website (crawling/spidering test with JavaScript execution)
Phase 2 - Source Code Auditing
S1: Scan local source code files for vulnerabilities
S2: Scan remote GIT repositories for vulnerabilities
Phase 3 - Integration
N1: Launch a code scan via command-line interface
N2: Launch a dynamic scan via command-line interface
N3: Create a tracker issue based on a reported vulnerability
N4: Generate an F5 BigIP ASM-compatible export
Phase 4 - Reporting
R1: Generate a complete HTML report for a scan session
R2: Generate an XML results export for a scan session
R3: Edit the information about a reported vulnerability
R4: Generate a comparison report between scan sessions

Environmental Requirements

This test plan assumes that Syhunt Hybrid is already installed on the machine that will execute the tests. If it is not, continue reading this section for the installation steps.

Make sure the system requirements are met (see the system requirements below). Click the setup executable download link provided by Syhunt. After downloading the .exe file, double-click its icon to launch it; the installation is a straightforward next-next-finish process. When you click Finish, Syhunt Hybrid will be launched and you will be prompted to enter a Pen-Tester Key: enter the one provided in the email message containing the download link. After you click OK, a success message indicates that Syhunt is ready for testing and you should immediately see the Launcher screen.

Prey Server

The Prey server is a portable Apache PHP web server containing a set of vulnerable web applications for demonstration purposes.

  1. Download it from http://www.syhunt.com/pub/downloads/syhunt-vulnphpserver.zip
  2. Unzip it to a directory of your choice
  3. Run PreyServer.exe to launch it
  4. Finally, open http://127.0.0.1/vulndemo in the browser and you will see a welcome page

Git for Windows

If you execute any Git-related test case, you will need to install Git for Windows, which can be downloaded from https://gitforwindows.org/. After installing it with its default settings, make sure the git command is available from the Command Prompt: type git and press Enter.

System Requirements (Syhunt Hybrid, Dynamic and Code)

  1. 2GB of available RAM (4GB recommended)
  2. 1GB of free disk space*
  3. Internet connection (optional for dynamic scans and some features)
  4. Windows 7, 8 or 10
  5. Internet Explorer 11 or higher

* This does not include the space required to save scan session data, which varies depending on the target website or code base size.

If you use a personal firewall, you only need to allow Syhunt Dynamic to make outbound connections to the Internet. Note, however, that some software firewalls do not cope well with the connection volume a scan generates, so running a personal firewall and Syhunt on the same machine is not recommended.

Phase 1: Dynamic Auditing

D1: Scan a live website for vulnerabilities

Action: Scan http://127.0.0.1/vulndemo for vulnerabilities (follow the steps below)
Expected results: After the scan completes, the results tab must list all detected test cases (001 to 008)

Steps:
  1. Make sure the Prey server is running (as explained in the Environmental Requirements section at the beginning of this document)
  2. Launch Syhunt Hybrid and click the Syhunt Dynamic icon or the New Scan button in the welcome page.
  3. Enter http://127.0.0.1/vulndemo as the target URL.
  4. Select the Application Scan (Default) hunt method, which scans for all vulnerabilities using the recommended settings.
  5. Click the Start Scan button.

D2: Manually login via browser and scan a restricted website for vulnerabilities

Action: Scan http://127.0.0.1/restricted, which uses web form authentication, for vulnerabilities (follow the steps below)
Expected results: After the scan completes, the results tab must list all test cases (001 to 003)

Steps:
  1. Make sure the Prey server is running (as explained in the Environmental Requirements section at the beginning of this document)
  2. Launch Syhunt Hybrid and double-click the Sandcat Browser icon or the New Tab button in the welcome page.
  3. Navigate to http://127.0.0.1/restricted: enter the URL in the address bar and press Enter.
  4. Go to the Login area and log in using the following credentials: username test, password CUBPzjVy
  5. Click the Scan This Site menu option to start the scan.
  6. Select the Application Scan (Default) hunt method, which scans for all vulnerabilities using the recommended settings.
  7. Click the Start Scan button to launch the scan.

D3: Automatically login and scan a restricted website for vulnerabilities

Action: Scan http://127.0.0.1/restricted_b, which uses HTTP basic authentication, for vulnerabilities (follow the steps below)
Expected results: After the scan completes, the results tab must list all detected test cases (001 to 003)

Steps:
  1. Make sure the Prey server is running (as explained in the Environmental Requirements section at the beginning of this document)
  2. Launch Syhunt Hybrid and click the Syhunt Dynamic icon or the New Scan button in the welcome page.
  3. Enter http://127.0.0.1/restricted_b as the target URL.
  4. Select the Application Scan (Default) hunt method, which scans for all vulnerabilities using the recommended settings.
  5. Check the option Edit site preferences before starting scan.
  6. Click the Start Scan button.
  7. In the next dialog, go to the Authentication tab and switch Server Authentication from None to Basic.
  8. Enter username test and password test.
  9. Click the OK button to launch the scan.
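Before running D1 to D3 it is worth confirming from a script that the Prey server answers the way those steps expect, instead of discovering a stopped server after a scan has been launched. The pre-flight check below is an added example written for this plan; it is not Syhunt code and not part of the Prey server distribution. It assumes only what the steps state: /vulndemo is served without authentication, and /restricted_b answers with an HTTP Basic challenge and accepts the credentials test/test. Because the real Prey server is not available offline, the block also contains a small constructed stand-in HTTP server that mimics just those two behaviours so the check can be exercised anywhere; the stand-in is a test fixture, not a copy of the Prey server.

```python
"""Pre-flight check for the Prey server used by test cases D1 to D3.

Added example for this test plan; not Syhunt code. Assumptions (taken from
the steps in D1 and D3): /vulndemo is served without authentication and
/restricted_b is protected by HTTP Basic authentication with test/test.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

PREY_BASE = "http://127.0.0.1"  # where PreyServer.exe listens per the plan


def probe(url, timeout=5.0, basic_auth=None):
    """GET url and return (status, body, headers).

    HTTP error statuses (401, 404, ...) are returned as data, not raised;
    a connection failure yields status None so the caller can report it.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "prey-preflight"})
    if basic_auth is not None:
        user, password = basic_auth
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace"), resp.headers
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace"), err.headers
    except (urllib.error.URLError, OSError) as err:
        return None, str(err), {}


def preflight(base=PREY_BASE):
    """Run the checks D1 to D3 depend on; return {check_name: passed}."""
    checks = {}

    # D1/N2: the demo application must be reachable without credentials.
    status, _, _ = probe(f"{base}/vulndemo")
    checks["vulndemo"] = status == 200

    # D3: without credentials the server must challenge, and the challenge
    # must be Basic, otherwise "Server Authentication: Basic" would not apply.
    status, _, headers = probe(f"{base}/restricted_b")
    challenge = headers.get("WWW-Authenticate", "")
    checks["restricted_b_challenge"] = status == 401 and challenge.lower().startswith("basic")

    # D3 step 8: the credentials test/test must actually open the area.
    status, _, _ = probe(f"{base}/restricted_b", basic_auth=("test", "test"))
    checks["restricted_b_login"] = status == 200
    return checks


# --- Constructed stand-in (test fixture only, NOT the Prey server) ----------

class _StandInHandler(BaseHTTPRequestHandler):
    """Mimics only the two behaviours preflight() relies on."""

    def do_GET(self):
        if self.path.startswith("/vulndemo"):
            self._reply(200, b"<html><body>vulndemo stand-in</body></html>")
        elif self.path.startswith("/restricted_b"):
            expected = "Basic " + base64.b64encode(b"test:test").decode()
            if self.headers.get("Authorization") == expected:
                self._reply(200, b"<html><body>restricted_b stand-in</body></html>")
            else:
                self._reply(401, b"Unauthorized",
                            {"WWW-Authenticate": 'Basic realm="restricted_b"'})
        else:
            self._reply(404, b"Not Found")

    def _reply(self, status, body, extra_headers=None):
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        for name, value in (extra_headers or {}).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the check's own output clean


def start_stand_in_server():
    """Start the fixture on an ephemeral port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), _StandInHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


if __name__ == "__main__":
    import sys
    # Usage: python prey_preflight.py [base_url]   (default: the real Prey server)
    base = sys.argv[1] if len(sys.argv) > 1 else PREY_BASE
    results = preflight(base)
    for name, passed in results.items():
        print(f"{'PASS' if passed else 'FAIL'}  {name}")
    sys.exit(0 if all(results.values()) else 1)
```

Run it without arguments against the real Prey server before starting D1; a non-zero exit code means one of the preconditions is missing (server not started, or a different authentication setup than the steps assume). The check deliberately inspects the WWW-Authenticate header rather than just the status code, because a 401 with a non-Basic scheme would make the D3 settings useless even though the server looks "protected".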

D4: Just map a website (crawling/spidering test with JavaScript execution)

Action: Scan http://test.syhunt.com/spider (follow the steps below)
Expected results: After the scan completes, the site tree (left sidebar), when expanded, must list, alongside the site structure, all test cases (001 to 009) under the /passed/ directory

Steps:
  1. Launch Syhunt Hybrid and click the Syhunt Dynamic icon or the New Scan button in the welcome page.
  2. Enter http://test.syhunt.com/spider as the target URL.
  3. Select the Spider Only hunt method.
  4. Click the Start Scan button.

Phase 2: Source Code Auditing

S1: Scan local source code files for vulnerabilities

Action: Launch a code scan against a local directory via the graphical user interface (follow the steps below)
Expected results: After the scan completes, the results must list all test cases (001 to 009)

Steps:
  1. Download https://github.com/syhunt/vulnphp/archive/master.zip and unzip it to C:\Vulnerable\PHP\ or a directory of your preference
  2. Launch Syhunt Hybrid and click the Syhunt Code icon or the New Scan button in the welcome page.
  3. Select the directory into which you unzipped master.zip.
  4. Make sure the Code Scan (default) hunt method is selected.
  5. Press the Start Scan button to launch the scan.

You can try the above procedure with vulnerable samples in different languages:

  Java: https://github.com/syhunt/vulnjava-wavsep/archive/master.zip
  Lua:  https://github.com/syhunt/vulnlua/archive/master.zip
  PHP:  https://github.com/syhunt/vulnphp/archive/master.zip

Note: the number of test cases in each archive may vary.

S2: Scan remote GIT repositories for vulnerabilities

Action: Launch a code scan against a remote Git repository (follow the steps below)
Expected results: After the scan completes, the results must list all test cases (001 to 009)

Steps:
  1. Launch Syhunt Hybrid and click the Syhunt Code icon or the New Scan button in the welcome page.
  2. Select the type GIT URL and enter the URL: https://github.com/syhunt/vulnphp.git
  3. Make sure the Code Scan (default) hunt method is selected.
  4. Press the Start Scan button to launch the scan.

You can try the above procedure with vulnerable samples in different languages:

  Java: https://github.com/syhunt/vulnjava-wavsep.git
  Lua:  https://github.com/syhunt/vulnlua.git
  PHP:  https://github.com/syhunt/vulnphp.git

Note: the number of test cases in each repository may vary.

Phase 3: Integration

N1: Launch a code scan via command-line interface

Action: Launch a code scan against https://github.com/syhunt/vulnphp via the command-line interface (follow the steps below)
Expected results: After the scan completes, the results must list all test cases (001 to 009)

Steps:
  1. Open a command prompt and change to the directory where Syhunt Hybrid is installed.
  2. Use the following command line (the -gr parameter makes it generate a report):
     Scancode https://github.com/syhunt/vulnphp.git -gr

N2: Launch a dynamic scan via command-line interface

Action: Launch a dynamic scan against http://127.0.0.1/vulndemo via the command-line interface (follow the steps below)
Expected results: After the scan completes, the results must list all test cases (001 to 008)

Steps:
  1. Make sure the Prey server is running (as explained in the Environmental Requirements section at the beginning of this document)
  2. Open a command prompt and change to the directory where Syhunt Hybrid is installed.
  3. Use the following command line (the -gr parameter makes it generate a report):
     Scanurl 127.0.0.1/vulndemo -gr

N3: Create a tracker issue based on a reported vulnerability

Action: Create a GitHub issue based on a reported vulnerability (follow the steps below)
Expected results: After adding a GitHub tracker and submitting a vulnerability, your GitHub repository will list the vulnerability as an issue

Steps:
  1. Create a GitHub.com account, if you don't have one, and create a test repository.
  2. Add a GitHub tracker in Syhunt as explained in "Integrating Syhunt with JIRA and GitHub".
  3. Go to the menu -> Past Sessions option.
  4. Right-click a session with status Vulnerable and click the View Vulnerabilities option.
  5. Check the vulnerability you want to send to GitHub.
  6. Click the SendTo button and select your tracker name to submit the vulnerability.

N4: Generate an F5 BigIP ASM-compatible export

Action: Generate an ASM export file for a scan (follow the steps below)
Expected results: After clicking the Save button, the browser will open the compatible XML file, which you can then import into BigIP ASM

Steps:
  1. Go to the menu -> Past Sessions option.
  2. Right-click a session with status Vulnerable and click the Generate Report option.
  3. Select the Complete report template option.
  4. Click the Save Report button (at the bottom right corner of the tab).
  5. Select the Save as type XML ASM Generic Scanner Format and finally click the Save button.

Phase 4: Reporting

R1: Generate a complete HTML report for a scan session

Action: Generate an HTML report for a scan (follow the steps below)
Expected results: After clicking the Save button, the browser will open the HTML report file

Steps:
  1. Go to the menu -> Past Sessions option.
  2. Right-click a session with status Vulnerable and click the Generate Report option.
  3. Select the Complete report template option.
  4. Click the Save Report button (at the bottom right corner of the tab) and finally the Save button.

R2: Generate an XML results export for a scan session

Action: Generate an XML results file for a scan (follow the steps below)
Expected results: After clicking the Save button, the browser will open the XML results file

Steps:
  1. Go to the menu -> Past Sessions option.
  2. Right-click a session with status Vulnerable and click the Generate Report option.
  3. Select the Complete report template option.
  4. Click the Save Report button (at the bottom right corner of the tab).
  5. Select the Save as type XML File and finally click the Save button.

R3: Edit the information about a reported vulnerability

Action: Edit the information about a reported vulnerability (follow the steps below)
Expected results: The vulnerability edit screen opens. After editing and confirming the changes, any report you generate will contain the edited information

Steps:
  1. Go to the menu -> Past Sessions option.
  2. Right-click a session with status Vulnerable and click the View Vulnerabilities option.
  3. Double-click a vulnerability item.
  4. Change the vulnerability description as you wish. Go to the Notes tab and also add some notes.
  5. Click the OK button to save the changes.

R4: Generate a comparison report between scan sessions

Action: Generate a comparison report between two scan sessions (follow the steps below)
Expected results: A report must be generated with the same contents as the comparison screen, which should list test cases 007 to 009 as removed

Steps:
  1. Follow the steps described in section S1.
  2. After completing the scan, go to the directory where you saved the vulnerable samples and delete test cases 007 to 009.
  3. Scan the directory again as explained in section S1.
  4. Go to the menu -> Past Sessions option.
  5. Check the last two scan sessions and click the Compare Sessions toolbar icon.
  6. Click the Save Comparison As button (at the bottom right corner of the tab) and finally click the Save button.

For additional product documentation, visit syhunt.com/docs