Syhunt Hybrid Preferences
The information in this document applies to version 6.9.13 of Syhunt Hybrid.
The following is a list of the key preferences in Syhunt Hybrid that can be set through its command-line interface. Syhunt preferences are either global (they apply to all scans and targets), site-specific (they apply to a specific website) or domain-specific (they apply to a specific domain).
Domain Preferences
Domain preferences must be set with the scancore -prefset command, using the -v parameter together with the -tg parameter, and apply only to the indicated target domain.
Preference ID | Preference description | Default (bold) and other accepted values |
domain#name | Descriptive name of the target domain | empty. Example: "My company domain" |
domain#enabled | Enable Domain Preferences | true |
domain#icydark.options.compscore | Enable domain risk score comparison | true |
domain#icydark.lists.compdomains | Domains to be compared | empty. Example: somedomain1.com,somedomain2.com |
domain#icydark.lists.dmprops | Special domain properties | empty. See "How to assign special domain properties?" |
Site Preferences
Site preferences must be set with the scancore -prefset command, using the -v parameter together with the -tg parameter, and apply only to the indicated target website.
Preference ID | Preference description | Default (bold) and other accepted values |
name | Descriptive name of the target website | empty. Example: "My company website" |
enabled | Enable Site Preferences | true |
dynamic.augmented.detectoob | Perform OAST with Syhunt Signal (Recommended) | true |
dynamic.augmented.scanclisource | Perform SAST in client-side JavaScript with Syhunt Code | true |
dynamic.advanced.performdos | Perform DoS (Denial of Service) tests | true |
dynamic.webtech.slang | Server-Side Scripting Language | auto, lang.asp, lang.aspx, lang.java, lang.ssjs, lang.lua, lang.perl, lang.php, lang.python, lang.ruby |
dynamic.webtech.server | Web Server | auto, server.apache, server.tomcat, server.iis, server.nginx |
dynamic.webtech.os | Server OS | auto, os.bsd, os.linux, os.solaris, os.unix, os.windows |
dynamic.webtech.datsql | Database | auto, db.sql.access, db.sql.db2, db.sql.informix, db.nosql.mongodb, db.sql.mysql, db.sql.oracle, db.sql.postgresql, db.sql.sqlserver, db.sql.sqlite |
dynamic.webtech.guess.enabled | Attempt to sense web server software versions (Recommended) | true |
dynamic.webtech.guess.apache | Sense Apache version | true |
dynamic.webtech.guess.nginx | Sense Nginx version | true |
dynamic.webtech.guess.php | Sense PHP version | true |
dynamic.webtech.guess.phusion | Sense Phusion Passenger version | true |
dynamic.webtech.guess.modssl | Sense ModSSL version | true |
dynamic.webtech.guess.openssl | Sense OpenSSL version | true |
dynamic.advanced.forcewebrootstruct | Always target web root during structure brute forcing | true |
dynamic.crawling.limitdepth | Use depth limit | false |
dynamic.crawling.maxdepth | Maximum depth (requires "Use depth limit" to be enabled) | 0 |
dynamic.crawling.limittobase | Limit crawling to start URL path and specific allowed URLs | false |
dynamic.lists.starturls | Additional Start URLs | empty. Example: /url1.php,/url2.php |
dynamic.lists.ignore.urls | Paths to ignore | empty. Example: /about1.php,/about2.php |
dynamic.lists.ignore.logoutpaths | Logout paths to ignore | empty. Example: /logout.php |
dynamic.lists.ignore.form.names | Forms to ignore (by name) | empty. Example: search1,search2 |
dynamic.lists.ignore.vulnsbyrules | Vulnerabilities to ignore | empty. Example: path=*/form.php,params=file |
dynamic.formauth.enabled | Enable form authentication | false |
dynamic.formauth.username | Form username | empty |
dynamic.formauth.password | Form password | empty |
dynamic.servauth.type | Server Authentication Type | None, Basic, Bearer, Digest, NTLM |
dynamic.servauth.username | Server Username | empty |
dynamic.servauth.password | Server Password | empty |
dynamic.advanced.incrementalscan | Incremental Scan | auto, disabled |
dynamic.lists.cookies | Cookies | empty. Example: ck1=value;ck=value |
Dynamic Preferences
Global settings for Syhunt Dynamic.
Preference ID | Preference description | Default (bold) and other accepted values |
dynamic.checks.dos | Perform DoS (Denial of Service) tests | true |
dynamic.emulation.redirect.autofollowinstarturl | Auto handle off-domain redirect in Start URL | true |
dynamic.emulation.mode | Browser Emulation Mode | Chrome, Edge, Firefox, MSIE, Opera, Safari |
dynamic.emulation.javascript.execution | Enable JavaScript emulation | true |
dynamic.emulation.javascript.simuser | Simulate user interaction (key press, mouse click, etc.) | true |
dynamic.emulation.doxhrcalls | Perform XHR calls | true |
dynamic.emulation.cookies.accept | Accept cookies | true |
dynamic.emulation.cookies.maxsize | Maximum cookie size (kb) | 4 |
dynamic.emulation.cookies.maxnumber | Maximum number of cookies per site | 50 |
dynamic.emulation.autofill.forms | Automatically fill forms (name, address, phone, email, etc.) | true |
dynamic.emulation.autofill.loginforms | Auto fill login web forms | true |
dynamic.options.logout.prevent | Prevent logout | true |
dynamic.options.logout.detect | Relogin when needed | true |
dynamic.emulation.redirect.autofollow | Automatically follow redirects | true |
dynamic.emulation.intelparser | Use intelligent HTML parsing (Handles malformed HTML) | true |
dynamic.emulation.usenavbehavior | Use browser behavior | true |
dynamic.emulation.referer.send | Send Referer | true |
dynamic.emulation.useragent | User Agent | a Chrome user agent |
dynamic.emulation.forceuseragent | Force this user agent in all situations | true |
dynamic.crawling.max.linkspersite | Maximum number of links per server | 10000 |
dynamic.crawling.max.linksnumber | Maximum links per page | 250 |
dynamic.crawling.max.urlsize | Maximum URL length (bytes) | 16384 |
dynamic.crawling.max.filesize | Maximum response size (kb) | 1024 |
dynamic.emulation.javascript.analyzejs | Analyze JavaScript code | true |
dynamic.emulation.javascript.analyzexhr | Analyze XHR calls | true |
dynamic.crawling.analyze.robots | Analyze robots.txt (if available) | true |
dynamic.evasion.evadeflt | Use filter evasion | true |
dynamic.checks.sub.xssev | Evasion Technique: Common XSS filter evasion techniques | true |
dynamic.checks.sub.utf8dev | Evasion Technique: UTF-8 Decode | true |
dynamic.evasion.detection.honeypot | Detect honeypot | true |
dynamic.evasion.detection.waf | Detect application firewall (if installed) | true |
dynamic.evasion.reqdistrand | Distribute requests randomly during crawling | false |
dynamic.options.delay.enabled | Use delay between requests | false |
dynamic.options.delay.value | Delay (ms) | 3000 |
dynamic.options.delay.userandom | Random delay | false |
dynamic.protocol.version | Protocol Version | HTTP/1.1, HTTP/1.0 |
dynamic.protocol.ssl.type | SSL Type | all, SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3, SSHv2 |
dynamic.protocol.keepalive | Enable Keep-Alive | true |
dynamic.protocol.usegzip | Enable GZIP compression support | true |
dynamic.protocol.mknocache | Make no-cache requests | false |
dynamic.lists.protocol.customhdr | Custom Request Headers | empty. Example: X-Custom:AValue,X-Custom2:AValue |
dynamic.lists.ignore.vulnsbyrules | Vulnerabilities to ignore | empty. Example: path=*/form.php,params=file |
dynamic.protocol.timeout.value | Timeout (ms) | 10000 |
dynamic.protocol.retries | Number of retries after timeout | 2 |
syhunt.dynamic.options.augmented.jndiserver | JNDIExploit Server (Host without port) | empty |
syhunt.dynamic.options.timelimit.enabled | Enable time limit | false |
syhunt.dynamic.options.timelimit.value | Scan time limit | empty, no limit. Examples: 1d, 3h, 2h30m, 50m |
Code Preferences
Global settings for Syhunt Code.
Preference ID | Preference description | Default (bold) and other accepted values |
code.checks.inflt | Analyze input filtering | true |
code.options.target.tfsver | TFS Version Compatibility | latest, 2017 .. 2010 |
code.lists.ignore.vulnsbyrules | Vulnerabilities to ignore | empty. Example: path=*/form.php,params=file |
syhunt.code.options.timelimit.enabled | Enable time limit | false |
syhunt.code.options.timelimit.value | Scan time limit | empty, no limit. Examples: 1d, 3h, 2h30m, 50m |
Forensic Preferences
Global settings for Syhunt Forensic (formerly Syhunt Insight).
Preference ID | Preference description | Default (bold) and other accepted values |
insight.lists.ignorelist.paths | Path Ignore List | empty. Example: /robots.txt,robots2.txt |
insight.lists.ignorelist.srcips | IP Ignore List | empty. Example: 1.1.1.1,2.2.2.2 |
insight.options.logformat | Log Format | auto, common, apache, iis, ncsa, nginx |
insight.options.profileatk | Build attacker profile | true |
insight.options.resolveip | Resolve attacker IP addresses (Slow) | false |
Additional Hybrid Preferences
Additional global settings for Syhunt Hybrid.
Preference ID | Preference description | Default (bold) and other accepted values |
hybrid.report.company.logo.url | Organization Logo URL | empty. Example: http://www.mycompany.com/logo.png |
hybrid.lists.riskfine | Risk Redefinition | empty. Example: C-1603660271-7241=low |
Tracker Preferences
Tracker preferences must be set with the scancore -tracker:set command, using the -v parameter together with the -to parameter, and apply only to the indicated tracker.
Preference ID | Preference description | Default (bold) and other accepted values |
project.name | Project Name | empty. Example: owner/repo |
auth.username | Username | empty |
auth.password | Password | empty |
auth.token.encrypted | Authentication Token | empty |
auth.targethost | Hostname | empty |
smtp.targetport | SMTP Port | 587 |
message.from | Message - From | empty |
message.tolist | Message - To List | empty |
api.url | API URL | empty |
jira.defitname | Jira Default Issue Type | Task |
custom.fields | Custom Fields | empty |
custom.labels | Custom Labels | empty |
For additional product documentation, visit syhunt.com/docs