Syhunt Hybrid: Reporting bugs

The information in this document applies to version 6.7 of Syhunt Hybrid.

Reporting False Positive Results

A false positive happens when a scan detects something that is later (after a manual review) shown not to be a vulnerability or weakness. In order to report a false positive so that it can be fixed:

  1. Describe each false positive case in the most detailed manner.
  2. Generate the debug log files as explained in the section below.
  3. Create a support ticket and attach the debug files together with the description for analysis.

Reporting False Negative Results

A false negative happens when a scan misses a vulnerability that exists in the target website or codebase. In order to report a false negative so that it can be fixed:

  1. Describe the vulnerability type (eg: SQL Injection)
  2. If this is a source code scan, include the relevant fragments of the source code that result in the vulnerability that was not detected in the scan.
  3. If this is a dynamic scan, describe the false negative case in the most detailed manner and include details such as:
    • Affected URL (if any)
    • Steps used to confirm the vulnerability is present
    • If the vulnerability is an injection flaw, include the affected parameter, the data that was injected and a sample of the application's response
  4. Generate the debug log files as explained in the section below.
  5. Create a support ticket and attach the debug files together with the description and code fragments (if any) for analysis.

Reporting Crawling Issues

  1. Describe if the target URL is behind some barrier, such as web form authentication. This way we can analyze the procedure, configuration or method used, make suggestions or adjustments to the tool if needed.
  2. If the target URL not being properly crawled is available, please provide us with the URL and test credentials (if any) so that we can run a test directly from our lab.
  3. If the above step is not possible, generate the debug log files as explained in the section below.
  4. Create a support ticket and attach the debug files together with the description of the issue for analysis.

Reporting Other Bugs

  1. Describe the issue you experienced in the most detailed manner, so that we can investigate the issue and try to reproduce it in our lab.
  2. Take a screenshot of the bug
  3. Generate the debug log files as explained in the section below.
  4. Create a support ticket and attach the debug files together with the description and screenshot for analysis.

How to create a Debug Log

To generate debug logs in Syhunt Hybrid, just:

  1. Go to the sessions screen through Menu -> Past Sessions (as shown in the image below)
  2. Right click the specific session you want to debug in the list and click the menu option Debug -> Export Main Data to save the file.
  3. Repeat the same with the option Debug -> Export Log.

This will generate two debug files with SSE extension that must be sent to Syhunt for analysis.

How to create a support ticket

Submitting a support ticket is the best way to report bugs. To create a support ticket:

  1. Go to the support ticket area and click the Submit Ticket button.
  2. Click the Register link and register if you have not done so:
    • Enter a valid email and your name and click the Register button. Check your email for additional login information.
    • Go back to the login page and use your username and password to login.
    • Click the Submit Ticket button
  3. Fill in the form to create the ticket:
    • Enter your message and (if needed) attach any files.
    • When you are finished, click the Send button.

After opening a ticket, a Syhunt support agent will evaluate the issue - you will receive an email copy of the ticket when Syhunt sends a reply. Users can expect a reply within 1-2 business days. You can monitor the status of your support ticket by clicking My Tickets, and you can reply via email or the tickets area.