Console Web Vulnerability Scan Tools - Syhunt ScanTools




Syhunt released the new generation of its console-based scan tools, simply called ScanTools. The first release of ScanTools comes with four console applications: - ScanURL,ScanCode, ScanLog and ScanConf, incorporating the functionality of the scanners Syhunt Hybrid/Dynamic, Syhunt Code, Syhunt Insight and Syhunt Harden respectively. Whether you want to scan a live web application, source code files, web server logs or configuration files for vulnerabilities, weaknesses and more, ScanTools can help you start the task with a single line command. Syhunt ScanTools is available for download as a freeware portable package or as part of Syhunt Community.


Installation

Download Information

Syhunt ScanTools is included with the latest release of Syhunt. It is located in the installation directory of the suite.
Please note that the full-featured version of the tools is only available for registered users.

System Requirements


  1. 512 MB of memory
  2. 200 MB of free disk space
  3. Internet connection (optional for remote scanning)
  4. Windows XP, 2003, 2008, Vista, 7, 8 or 10.

Usage

Just run any of the Scan*.exe apps, which are located in the installation directory of Syhunt Hybrid, with no parameters to see usage instructions.

Supported Hunt Methods

For detailed information about scan methods, see the Hunt Methods page.

Scanning IPv6 addresses

Scanurl fully supports the scanning of IPv6 addresses. To scan an IPv6 target, enclose the address in square brackets, eg:
Scanurl http://[2001:4860:0:2001::68]

Black Box (Dynamic Scan)

  1. Go to the directory Syhunt Hybrid is installed using the command prompt.
  2. Use the following command-line:
 Scanurl [starturl] -hm:[a huntmethod]] -gr

Example:
Scanurl http://www.somehost.com -hm:appscan -gr

White Box (Source Code Scan)

  1. Go to the directory Syhunt is installed using the command prompt.
  2. Example command-line:
 Scancode C:\WWW\Docs\ -gr

Gray Box (Dynamic + Code Scan)

  1. Go to the directory Syhunt Hybrid is installed using the command prompt.
  2. Use the following command-line:
 Scanurl [starturl] -hm:[a huntmethod]] -srcdir:"[SourceDir]" -gr

Example:
Scanurl localhost -hm:appscan -srcdir:"C:\WWW\Docs\" -gr



Note: if you already entered the source code directory for the target host using the Syhunt Hybrid GUI in a past scan it is not necessary to assign it again using the -srcdir command.