Differences between Hunt Methods

Hunt MethodCLI nameTypeBruteInjectionDoSTime-Con.TargetTriple Chk.
Web Application Scanappscan
(AKA normal)
Web Structure Brute ForcestructbfY (Deep)NNY (Very)SSN
Old & Backup FilesfileoldYNNYSSN
Fault InjectionfaultinjNYP(***)NA,AS,SSN
Cross-Site ScriptingxssNP (XSS)NNA,AS,SSN
SQL InjectionsqlinjNP (SQL)NNA,AS,SSN
File InclusionfileincNP (FI)NNA,AS,SSN
Unvalidated RedirectsunvredirNP (UR)NNA,AS,SSN
Malware ContentpassiveP (Mal)P (Mal)NNSSN
Spider OnlyspiderNNNNSSN
Complete Scan, ParanoidcomppnoidY (Deep)YYY (Very)EY
Complete ScancompleteYYYYEN
Complete Scan, No DoScompnodosYYNYEN

Letters: Yes/No/Partial (Y/N/P)
(*) PHP Top 5 scan will only scan for Remote Command Execution, XSS, SQL Injection and File Inclusion flaws
(**) Brute Force will target mainly the root of the web site
(***) Restricted to Buffer Overflows only

Type of Testing

  • - Gray Box
  • - White Box
  • - Black Box


  • A - Web Applications
  • AS - Web Application's Source
  • SS - Entire Site Structure (including Root; Spidering Enabled)
  • SR - Site Root (No Spidering, targets mainly the root of the web site)
  • SW - Server Software (flaws affecting the HTTPD)
  • E - Everything


A Yes means that the number of checks will be influenced by the number of directories found during the spidering stage.

Triple Checking

Applies to case-sensitive servers. If enabled, Syhunt will try all file name possibilities (all uppercase, all lowercase, all leading capitals, etc).


The Complete Scan (No DoS) method is the default scan method in Syhunt. All available scan methods are described below. If you want to use a different scan method, click the Hunt Method button in the standard toolbar. You will be able to select one of the following options:

Common Web Server Scan

Scans for outdated server software, common web server vulnerabilities and exposures. This scan method will not crawl the web site, but look for vulnerabilities in a very similar way to classic (CGI) scanners

SANS Top 20

Scans specifically for the SANS Top Twenty List of Critical Network Vulnerabilities.

Web Application Scan

Identifies flaws in custom web applications. This scan method crawls the web site and performs attacks against the web site structure and the web applications. This includes looking for fault injection vulnerabilities such as XSS, SQL Injection, File Inclusion, and more.

Web Structure Brute Force

A structure brute force will check for:

  • Common Vulnerable Scripts
  • Common File Checks
  • Custom File Checks (User File Checks)
  • Database Disclosure
  • Web-Based Backdoors

The number of checks is influenced by the number of directories found during the spidering stage.


Scans specifically for the OWASP Top Five List of PHP Vulnerabilities.

Fault Injection

Scans specifically for fault injection vulnerabilities. If this scan method is selected, all other checks that does not require injection are disabled and Syhunt will then specifically check for SQL injection, XSS, file inclusion, and similar flaws.

Cross-Site Scripting (XSS)

Scans specifically for XSS vulnerabilities.

SQL Injection

Scans specifically for SQL & NoSQL Injection vulnerabilities.

Complete Scan

Scans for both common web server vulnerabilities and web application vulnerabilities. This is the combination of the common web server scan and the web application scan methods plus some additional checks. A Complete Scan can sometimes be very time-consuming when performed against a web server that has a large quantity of web folders (eg: 200 or more web folders).

Complete Scan (No DoS)

Same as before, but with denial-of-service tests disabled.

Complete Scan (Paranoid)

Scans for both common web server vulnerabilities, web application vulnerabilities and common vulnerable scripts around the site structure. This scan method can be very time-consuming, specially when executed against large web sites.

Important: Syhunt's web application scan is only activated when one of these scan methods are selected: Web Application Scan, PHP Top 5, Fault Injection, SQL Injection, XSS or Complete Scan. All other scan methods does not include application checks/spidering.

Page last modified on November 12, 2018, at 02:53 PM