| Scanner | Version | Build | Vendor |
|---|---|---|---|
| Syhunt Dynamic | 5.0.0.7 | RC2 | Syhunt |
Tested Against WAVSEP Version:
Detection Accuracy: 100.00% detection rate (136/136), 50.00% false positives (5/10)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19; 200-Experimental-GET: None |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19; 200-Experimental-POST: None |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 8 out of 8 | Detected: 1-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 8 out of 8 | Detected: 1-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 5 out of 10 | 2,4,6,7,8 |
Detection Accuracy: 100.00% detection rate (66/66), 0.00% false positives (0/7)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Reflected XSS | HTTP GET (Query String Parameters) | 33 out of 33 | Detected: 1-30(1st&2nd),31,32; RXSS-Experimental-GET: 1,2,3 |
| Reflected XSS | HTTP POST (Body Parameters) | 33 out of 33 | Detected: 1-30(1st&2nd),31,32; RXSS-Experimental-POST: None |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None |
Detection Accuracy: 52.94% detection rate (432/816), 0.00% false positives (0/8)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Redirect (302) Responses | HTTP GET (Query String Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Redirect (302) Responses | HTTP POST (Body Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Erroneous 404 Responses | HTTP GET (Query String Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| Erroneous 404 Responses | HTTP POST (Body Parameters) | 36 out of 68 | Detected: 1,3,5,7,9-24,37-44,53-60 |
| False Positive LFI Test Cases | HTTP GET (Query String Parameters) | 0 out of 8 | None |

Note (applies to every row above except the false positive row): with the "enable fast scans" option turned on, the tool detects only test cases 1,3,5,7,37,53.
Detection Accuracy: 44.44% detection rate (48/108), 0.00% false positives (0/6)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Valid 200 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Identical 200 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Redirect (302) Responses | HTTP GET (Query String Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Redirect (302) Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Erroneous 404 Responses | HTTP GET (Query String Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| Erroneous 404 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 (Arbitrary File Inclusion) |
| False Positive RFI Test Cases | HTTP GET (Query String Parameters) | 0 out of 6 | None |
I disabled the "enable fast scan" feature (scan settings), and disabled all the "server" checks.

I tested each individual directory, using multiple configurations, while using the following plugins:

- XSS: General->Common Exposures; Injection->CRLF Injection, Cross Frame Scripting, Cross-Site Scripting (XSS)
- File Inclusion (Traversal/LFI/RFI): Injection->File Inclusion, Directory Listing, Directory Traversal, Path Disclosure, PHP Code Injection
- SQL Injection: Injection->SQL Injection, Xpath Injection

During the Path Traversal / LFI / RFI scans the tool did not detect any POST test cases, and after a short analysis I discovered that it did not manage to submit forms without an action property (a property I removed from the new test cases to ease maintenance, while relying on vendors to mimic the default browser behavior in this case), and thus missed all the test cases since it could not submit the forms. In order to test the accuracy regardless of the bug, I created a version of the POST test cases in which the name of the page was automatically set in the form's action property, and that seemed to solve the problem.
Detection Accuracy: 94.0% detection rate
Previously Detected: 7.00%

Initialized WIVET's session, defined a static Cookie header with a valid PHPSESSID value in the "Protocol->HTTP Headers" section of the dynamic scan properties (the only feature that worked smoothly for me, since I had issues with the outgoing and custom cookie options). I also excluded the logout URL by removing it from the menu (100.php/logout.php), enabled the various JS/Flash parsing & execution features in the configuration, and scanned using both the spider only and XSS policies.