Differences between Hunt Methods
|Hunt Method||CLI name||Type||Brute F.||Injection||DoS||Time-Con.|
|Application Scan (Default)||appscan||Y||Y||Y||N|
|Structure Brute Force||structbf||Y (Deep)||N||N||Y (Very)|
|Old & Backup Files||fileold||Y||N||N||Y|
|Top 10 (OWASP)||top10||N||P (TOP10)||Y||N|
|Top 25 (CWE)||top25cwe||N||P (TOP25)||Y||N|
|Top 5 (OWASP PHP)||top5php||N||P (TOP5)||N||N|
|Cross-Site Scripting||xss||N||P (XSS)||N||N|
|SQL Injection||sqlinj||N||P (SQL)||N||N|
|File Inclusion||fileinc||N||P (FI)||N||N|
|Unvalidated Redirects||unvredir||N||P (UR)||N||N|
|Malware Content||malscan||P (Malware)||P (Malware)||N||N|
|Complete Scan||complete||Y||Y||Y||Y (Very)|
|Complete Scan, No DoS||compnodos||Y||Y||N||Y (Very)|
|Complete Scan, Paranoid||comppnoid||Y (Deep)||Y||Y||Y (Very)|
Letters: Yes/No/Partial (Y/N/P)
Type of Testing
- - Hybrid (Gray Box), Dynamic & Code
- - Dynamic Only (Black Box)
- - Code Only (White Box)
Identifies flaws in custom web applications, web server software and third-party components. This scan method crawls the web site and performs attacks against the web site structure and the web applications. This includes looking for fault injection vulnerabilities such as XSS, SQL Injection, File Inclusion, and more.
Structure Brute Force
A structure brute force will check for:
- Common Vulnerable Scripts
- Common File Checks
- Custom File Checks (User File Checks)
- Database Disclosure
- Web-Based Backdoors
The number of checks is influenced by the number of directories found during the spidering stage.
Old & Backup Files
Executes extension checking around the mapped web site structure.
OWASP Top 10
Scans specifically for the OWASP Top 10 2017 vulnerabilities:
- A1 2017: Injection
- A2 2017: Broken Authentication
- A3 2017: Sensitive Data Exposure
- A4 2017: XML External Entities (XXE)
- A5 2017: Broken Access Control
- A6 2017: Security Misconfiguration
- A7 2017: Cross-Site Scripting (XSS)
- A8 2017: Insecure Deserialization
- A9 2017: Using Components with Known Vulnerabilities
- A10 2017: Insufficient Logging & Monitoring
CWE Top 25
Scans specifically for the 2019 CWE Top 25 Most Dangerous Software Errors.
See the full list at: https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
OWASP PHP Top 5
Scans specifically for the OWASP Top Five List of PHP Vulnerabilities:
- Remote Command Execution
- Cross-Site Scripting (XSS), including DOM XSS
- SQL Injection
- PHP Misconfiguration
- File System Attacks, including File Inclusion
Scans specifically for fault injection vulnerabilities. If this scan method is selected, all other checks that does not require injection are disabled and Syhunt will then specifically check for SQL injection, XSS, file inclusion, and similar flaws.
Cross-Site Scripting (XSS)
Scans specifically for XSS vulnerabilities, including DOM XSS.
Scans specifically for SQL & NoSQL Injection vulnerabilities.
Scans specifically for File Inclusion and Directory Traversal vulnerabilities.
Scans specifically for Unvalidated Redirect vulnerabilities.
Scans specifically for malware content, such as:
- Web Backdoors
- Malicious Content
- Hidden Debug Parameters
Maps the web site structure and reports vulnerabilities discovered without launching any kind of attacks, such as:
- Various Form Weaknesses
- Web Technology Disclosure
- Insecure HTTP Headers
- Outdated, Vulnerable Server Software
- Outdated, Vulnerable Referenced Scripts
- Suspicious HTML Comments
- Source Code Disclosure
- Malicious Content being served
Maps the web site structure without testing or reporting any kind of vulnerability or weakness.
Scans for all kinds of web application vulnerabilities using all kinds of mutantions and pen-tester methods, including Header Manipulation attacks. A Complete Scan can sometimes be very time-consuming when performed against a web server that has a large quantity of web folders and entry points.
Complete Scan (No DoS)
Same as before, but with denial-of-service tests disabled.
Complete Scan (Paranoid)
Scans for all kinds of web application vulnerabilities using deep structure brute force, all kinds of mutantions and pen-tester methods, including Header Manipulation attacks. This scan method can be very time-consuming, specially when executed against large web sites. This method also executes triple checking structure brute force, which applies to case-sensitive servers - Syhunt will try all file name possibilities (all uppercase, all lowercase, all leading capitals, etc).
For additional product documentation, visit syhunt.com/docs