The information in this document applies to version 6.9.28 of Syhunt Dynamic.
Syhunt Dynamic supports manual and automated authentication methods. With the automated method, Syhunt Dynamic detects the login form on its own and authenticates with the credentials and method previously configured in the Site Preferences screen. The automated method currently supports standard form authentication, AI-powered form authentication, Selenium script authentication, as well as Basic, Bearer, Digest, NTLM and direct authentication through cookies.
With the manual method, the scan is started after you log in manually through the Sandcat browser included with Syhunt Dynamic. Syhunt Dynamic then monitors the established session to verify that it was maintained from the start to the end of the scan. All available methods are described below.
Syhunt's AI-powered form authentication method removes the need for complicated login recorders to log in during a scan. The method works out how to log in from the credentials and, sometimes, a few instructions from the user, and caches a successful login procedure for reuse in future on-demand or scheduled scans. Below you can find how to enable, configure and test the AI-powered authentication.
Once it is enabled, every generated scan report shows, at the top, a screenshot of the scanned URL after login and an indication of whether the authenticated session was maintained from the start to the end of the scan.
There are two ways to do this: a) pass the credentials through the scanurl command, or b) leave the credentials pre-configured through the scancore command. The second method is considered more secure because the password is not exposed on the scanurl command line, where it would be visible in the process list and in the shell history. Examples:
-- Method A - Indicating form authentication when firing a scan
-- In this case, credentials are not permanently stored in Dynamic settings.
scanurl http://127.0.0.1 -atype:Form -auser:yourusername -apass:yourpassword
-- Method B - Configuring form authentication for a specific website
-- In this case, the credentials are stored in the Dynamic settings and reused in all scans against the indicated target.
scancore -tg:http://127.0.0.1 -prefset:dynamic.servauth.type -v:Form
-- The available form auth types are: None, Standard, AI or Selenium. None disables the form authentication.
scancore -tg:http://127.0.0.1 -prefset:dynamic.formauth.type -v:Standard
scancore -tg:http://127.0.0.1 -prefset:dynamic.servauth.username -v:myuser
scancore -tg:http://127.0.0.1 -prefset:dynamic.servauth.password -v:secret -vstring
scanurl http://127.0.0.1
-- Method B - Setting cookies from a file (direct authentication through cookies)
scancore -tg:http://127.0.0.1 -prefset:dynamic.lists.cookies -fromfile:path/mycookies.lst
scanurl http://127.0.0.1
You can launch the scan from within the Sandcat browser after logging in to a website.
If you have Syhunt version 6.9.26 or later, the session details area of the report indicates whether the manually started session was maintained from the beginning to the end of the scan, with Authenticated Session Maintained: Yes.
Note: this method does not work with the latest browser versions and will be reviewed soon. Alternatively, you can log in manually using an external browser such as Google Chrome or Mozilla Firefox; the report shows the same Authenticated Session Maintained indication for a session started this way.
Note: The procedure below was designed for the classic Standard authentication type, not for AI-powered or Selenium script authentication, which handle form filling in different ways and with their own options.
If a login form has fields other than username and password, or uses input names that deviate from the standard ones, Syhunt Dynamic must be told how to fill in those fields, as shown in the example below.
<input name="ClientUTBox" id="ClientUTBox" type="hidden" value="1234">
<input name="ClientUNBox" id="ClientUNBox" type="text" class="InputBox"/>User Name
<input name="ClientPWBox" id="ClientPWBox" type="password" class="InputBox" >Password
The following field mapping instructs Syhunt to fill in each of these fields:
ClientUTBox=1234
ClientUNBox=@syhunt_web_form_username
ClientPWBox=@syhunt_web_form_password
Values after the equal sign that start with an @ are internal variables; they ensure that the web form login credentials you entered in the Site Preferences screen are used for the two form inputs you mapped, while the literal value 1234 is sent for the hidden field. Once the above configuration is saved, Syhunt Dynamic is ready to perform the login during the scan.
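As an added illustration (this example's own code, not Syhunt's implementation), the following Python script shows how a mapping like the one above can be applied to a served login form to build the POST body: values starting with @ are resolved from the configured credentials, literal values are sent as given, unmapped fields keep whatever the server put in the form, and a mapped field that does not exist in the form is reported instead of being silently dropped. The form HTML, the mapping text and the credentials are constructed sample data, and the function names are this example's own.

```python
import html.parser
from typing import Dict, List, Tuple

# Constructed sample login form; the three inputs mirror the snippet above.
LOGIN_FORM_HTML = """
<form action="/login.php" method="post">
  <input name="ClientUTBox" id="ClientUTBox" type="hidden" value="1234">
  <input name="ClientUNBox" id="ClientUNBox" type="text" class="InputBox"/>User Name
  <input name="ClientPWBox" id="ClientPWBox" type="password" class="InputBox" >Password
  <input type="submit" value="Log in">
</form>
"""

# Field mapping in the page's name=value format (one entry per line).
FIELD_MAPPING = """
ClientUTBox=1234
ClientUNBox=@syhunt_web_form_username
ClientPWBox=@syhunt_web_form_password
"""

# Constructed stand-in for the credentials entered in Site Preferences.
SITE_PREFS = {
    "syhunt_web_form_username": "myuser",
    "syhunt_web_form_password": "secret",
}


class _FormInputParser(html.parser.HTMLParser):
    """Collects the action of the first <form> and every named <input> in the page."""

    def __init__(self) -> None:
        super().__init__()
        self.action = ""
        self.inputs: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and not self.action:
            self.action = a.get("action", "")
        elif tag == "input" and a.get("name"):
            self.inputs.append({"name": a["name"],
                                "type": a.get("type", "text").lower(),
                                "value": a.get("value", "")})


def parse_mapping(text: str) -> Dict[str, str]:
    """Turns 'field=value' lines into a dict; blank lines are ignored."""
    mapping: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed mapping line: {line!r}")
        mapping[name.strip()] = value.strip()
    return mapping


def resolve_value(raw: str, prefs: Dict[str, str]) -> str:
    """A value starting with '@' names an internal variable resolved from the preferences."""
    if raw.startswith("@"):
        key = raw[1:]
        if key not in prefs:
            raise KeyError(f"unknown internal variable @{key}")
        return prefs[key]
    return raw


def check_mapping(form_html: str, mapping_text: str) -> List[str]:
    """Returns the mapped field names that do not exist in the form (empty when all match)."""
    parser = _FormInputParser()
    parser.feed(form_html)
    present = {inp["name"] for inp in parser.inputs}
    return [name for name in parse_mapping(mapping_text) if name not in present]


def build_login_request(form_html: str, mapping_text: str,
                        prefs: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Returns (form action, POST body) for the login attempt."""
    missing = check_mapping(form_html, mapping_text)
    if missing:
        raise ValueError(f"mapped fields not found in form: {missing}")
    parser = _FormInputParser()
    parser.feed(form_html)
    mapping = parse_mapping(mapping_text)
    body: Dict[str, str] = {}
    for inp in parser.inputs:
        name = inp["name"]
        if name in mapping:
            body[name] = resolve_value(mapping[name], prefs)
        else:
            # Unmapped fields keep the server-supplied value; for hidden fields this
            # carries over per-request values such as anti-CSRF tokens unchanged.
            body[name] = inp["value"]
    return parser.action, body


if __name__ == "__main__":
    action, body = build_login_request(LOGIN_FORM_HTML, FIELD_MAPPING, SITE_PREFS)
    print(action, body)
```

Mapping a hidden field to a literal, as the page does with ClientUTBox=1234, only works when the server accepts a static value. If the hidden field carries a per-session token, leave it out of the mapping so the value served with the form is sent back.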
Syhunt Dynamic can auto-detect most logout pages, but if the logout page does not match standard names and common patterns, you will need to add the logout page URL to your Site Preferences. This will prevent Syhunt Dynamic from accidentally logging out during a scan:
/getmeout.php
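As an added example (this example's own code, not Syhunt's detection logic), the following Python filter shows why the setting matters: heuristic name matching catches links such as /logout.php, /account/sign-out or ?action=logout, but it cannot know that /getmeout.php ends the session, so that page is only skipped once it is configured explicitly. The heuristic patterns and the crawl queue are this example's own constructions.

```python
import re
from typing import Iterable, List
from urllib.parse import parse_qs, urlsplit

# Heuristic patterns standing in for "standard names and common patterns".
# These are this example's own assumptions, not Syhunt's rule set.
LOGOUT_PATH_RE = re.compile(r"(log[-_]?out|log[-_]?off|sign[-_]?out)", re.IGNORECASE)
LOGOUT_QUERY_VALUES = {"logout", "logoff", "signout"}


def is_logout_url(url: str, configured_logout_pages: Iterable[str] = ()) -> bool:
    """True if the URL should not be requested during an authenticated scan."""
    parts = urlsplit(url)
    path = parts.path or "/"
    # 1. Exact match against logout pages configured in Site Preferences
    #    (accepts either a path such as /getmeout.php or a full URL).
    for cfg in configured_logout_pages:
        if path == (urlsplit(cfg).path or "/"):
            return True
    # 2. Common logout names anywhere in the path (/logout.php, /account/sign-out).
    if LOGOUT_PATH_RE.search(path):
        return True
    # 3. Logout requested through a query parameter (index.php?action=logout).
    for values in parse_qs(parts.query).values():
        if any(v.lower() in LOGOUT_QUERY_VALUES for v in values):
            return True
    return False


def filter_crawl_queue(urls: Iterable[str],
                       configured_logout_pages: Iterable[str] = ()) -> List[str]:
    """Drops logout URLs from a list of crawled links before they are requested."""
    cfg = tuple(configured_logout_pages)
    return [u for u in urls if not is_logout_url(u, cfg)]


# Constructed crawl queue for a site whose logout page has a non-standard name.
CRAWL_QUEUE = [
    "http://127.0.0.1/",
    "http://127.0.0.1/account/sign-out",
    "http://127.0.0.1/catalogue.php",
    "http://127.0.0.1/index.php?action=logout",
    "http://127.0.0.1/getmeout.php",
    "http://127.0.0.1/profile.php?id=42",
]

if __name__ == "__main__":
    print("without configuration:", filter_crawl_queue(CRAWL_QUEUE))
    print("with /getmeout.php configured:",
          filter_crawl_queue(CRAWL_QUEUE, ["/getmeout.php"]))
```

Note that /catalogue.php is kept: the pattern requires the whole word "logout", "logoff" or "signout", so a substring such as "log" on its own does not cause a page to be skipped.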
SSL/TLS support in Syhunt Dynamic relies on libraries developed by the OpenSSL Project, which are included with the product and allow you to scan secure sites with https addresses.
The Site Preferences screen allows you to configure client certificates. To open it, navigate to the website you want to scan, click the scan button, choose Site Preferences and go to the Certificates tab.