Syhunt Hybrid: Reporting bugs

The information in this document applies to version 6.6 of Syhunt Hybrid.

Reporting False Positive Results

A false positive happens when a scan detects something that is later (after a manual review) shown not to be a vulnerability or weakness. In order to report a false positive so that it can be fixed:

  1. Describe each false positive case in as much detail as possible.
  2. Generate the debug log files as explained in the section below.
  3. Create a support ticket and attach the debug files together with the description for analysis.

Reporting False Negative Results

A false negative happens when a scan misses a vulnerability that exists in the target website or codebase. In order to report a false negative so that it can be fixed:

  1. Describe each false negative case in as much detail as possible and include details such as:
    • Vulnerability Type (e.g. SQL Injection)
    • Affected URL (if any)
    • Steps used to confirm the vulnerability is present
    • If the vulnerability is an injection flaw, include the affected parameter, the data that was injected and a sample of the application's response
  2. If this is a source code scan, include the relevant fragments of the source code that result in the vulnerability that was not detected in the scan.
  3. Generate the debug log files as explained in the section below.
  4. Create a support ticket and attach the debug files together with the description and code fragments (if any) for analysis.

Reporting Other Bugs

  1. Describe the issue you experienced in as much detail as possible, so that we can investigate it and try to reproduce it in our lab.
  2. Take a screenshot of the bug.
  3. Generate the debug log files as explained in the section below.
  4. Create a support ticket and attach the debug files together with the description and screenshot for analysis.

How to create a Debug Log

To generate debug logs in Syhunt Hybrid:

  1. Go to the sessions screen through Menu -> Past Sessions (as shown in the image below).
  2. Right-click the session you want to debug in the list and choose the menu option Debug -> Export Main Data to save the file.
  3. Repeat the same with the option Debug -> Export Log.

This will generate two debug files with the SSE extension, both of which must be sent to Syhunt for analysis.