FREE ACCESS & MORE: Syhunt takes action to help secure entities and businesses amid COVID-19 pandemic Read now

The information in this document applies to version 6.6 of Syhunt Hybrid.

Differences between Hunt Methods

Hunt MethodCLI nameTypeBrute F.InjectionDoSTime-Con.
Application Scanappscan
(AKA normal)
Structure Brute ForcestructbfY (Deep)NNY (Very)
Old & Backup FilesfileoldYNNY
Fault InjectionfaultinjNYYN
Top 5 (OWASP PHP)top5NP (TOP5)NN
Cross-Site ScriptingxssNP (XSS)NN
SQL InjectionsqlinjNP (SQL)NN
File InclusionfileincNP (FI)NN
Unvalidated RedirectsunvredirNP (UR)NN
Malware ContentmalscanP (Malware)P (Malware)NN
Spider OnlyspiderNNNN
Complete ScancompleteYYYY (Very)
Complete Scan, No DoScompnodosYYNY (Very)
Complete Scan, ParanoidcomppnoidY (Deep)YYY (Very)

Letters: Yes/No/Partial (Y/N/P)

Type of Testing

  • - Hybrid (Gray Box), Dynamic & Code
  • - Dynamic Only (Black Box)
  • - Code Only (White Box)


A Yes means that extra checks and attack mutations will be performed and the number of checks will be influenced by the number of directories found during the spidering stage.


The Application Scan method is the default scan method in Syhunt. If you want to use a different scan method, you will be able to select one of the following options:

Application Scan

Identifies flaws in custom web applications. This scan method crawls the web site and performs attacks against the web site structure and the web applications. This includes looking for fault injection vulnerabilities such as XSS, SQL Injection, File Inclusion, and more.

Structure Brute Force

A structure brute force will check for:

  • Common Vulnerable Scripts
  • Common File Checks
  • Custom File Checks (User File Checks)
  • Database Disclosure
  • Web-Based Backdoors

The number of checks is influenced by the number of directories found during the spidering stage.


Scans specifically for the OWASP Top Five List of PHP Vulnerabilities. Remote Command Execution, XSS, SQL Injection and File Inclusion flaws

Fault Injection

Scans specifically for fault injection vulnerabilities. If this scan method is selected, all other checks that does not require injection are disabled and Syhunt will then specifically check for SQL injection, XSS, file inclusion, and similar flaws.

Cross-Site Scripting (XSS)

Scans specifically for XSS vulnerabilities.

SQL Injection

Scans specifically for SQL & NoSQL Injection vulnerabilities.

Complete Scan

Scans for all kinds of web application vulnerabilities using all kinds of mutantions and pen-tester methods. A Complete Scan can sometimes be very time-consuming when performed against a web server that has a large quantity of web folders and entry points.

Complete Scan (No DoS)

Same as before, but with denial-of-service tests disabled.

Complete Scan (Paranoid)

Scans for all kinds of web application vulnerabilities using deep structure brute force, all kinds of mutantions and pen-tester methods. This scan method can be very time-consuming, specially when executed against large web sites. This method also executes triple checking structure brute force, which applies to case-sensitive servers - Syhunt will try all file name possibilities (all uppercase, all lowercase, all leading capitals, etc).

For additional product documentation, visit