Overview

Syhunt Code has been designed to scan PHP web applications for various types of issues, such as Cross-Site Scripting (XSS), File Inclusion, SQL Injection, Command Execution and weak validation. Additionally, by identifying key areas of the code, Syhunt Code can also help auditors perform code reviews better, faster and more efficiently.

When used from within Syhunt Hybrid, Syhunt Code can also perform classic ASP, ASP.NET, Perl & Python source code scans that are complementary to its dynamic scans.

 
$a = $_GET['file'];
include($a);
 

Syhunt Datasheet

Key Features

Syhunt Code is a perfect complement to the already extensive set of remote scanning capabilities available in the Syhunt Dynamic scanner, making it the most comprehensive solution for those concerned about web application security.

• Provides over 300 web source checks, covering several types of web security attacks
• Analyzes the source code of web applications and detects cross-site scripting, file inclusion, SQL injection, command execution and validation problems
• Identifies key areas of the code, such as key HTML tags, AJAX / JavaScript, entry points and interesting keywords
• Performs input filtering analysis
• Allows to scan for specific vulnerabilities, such as SQL Injection and XSS (Cross-Site Scripting) vulnerabilities
• Allows to define a directory to be scanned
• Exports alerts to HTML format (registered users only)
• Syhunt® Hardener - Inspects and evaluates the security settings of any Apache or PHP configuration file
• Full list of supported languages
• Syhunt's PHP scanning capabilities (detailed)
• Recommended Reading: PHP Threats Continue to Rise But More Work & Education Could Help

New in 4.0

Syhunt Hybrid 4.03 features new, enhanced versions of the Syhunt code scanners plus some minor user experience improvements:

What's New in Syhunt Code for PHP (2.1)

Syhunt Code for PHP's database has been significantly expanded in this release to cover File Manipulation, HTTP Response Splitting (HRS) and SQL Injection involving several types of SQL servers.

• Added new Command Execution Checks.
• Added several new SQL Injection checks (covering DB2, dbx, Firebird/InterBase, FrontBase, Informix, Ingres, MaxDB, mSQL, MySQL, Oracle, Ovrimos, PostgreSQL, SQL Server, SQLite, Swish & Sybase).
• Added the first HTTP Response Splitting Checks.
• Added the first Arbitrary File Manipulation Checks.
• Added support for <script language="php">.
• Added support for the echo shorthand.
• Improved XSS Checks.
• Improved File Inclusion Checks.
• Improved support for PHP5.
• Fixed some false negative cases.

The recently introduced code scanners for ASP & JSP also evolved to include checks for additional vulnerability classes such as File Inclusion, Command Execution, SQL Injection and others (listed below).

What's New in Syhunt Code for ASP.NET (0.2 Beta)

• Added new XSS Checks.
• Added the first File Inclusion Checks
• Added the first Command Execution Checks.
• Added the first HTTP Response Splitting Checks.
• Added SQL Injection Checks.
• Added several Arbitrary File Manipulation Checks.
• Added support for <script runat="server">.

What's New in Syhunt Code for Classic ASP (0.2 Beta)

• Added the first File Inclusion Checks.
• Added the first Command Execution Checks.
• Added the first HTTP Response Splitting Checks.

What's New in Syhunt Code for JSP (0.2 Beta)

• Added new XSS Checks.
• Added the first Command Execution Checks.

Other Improvements

• Improved display of vulnerable code.
• SyMiniCS now displays a resume of results at the end of the execution.

Specs

1. 128 MB of memory
2. 100 MB of free disk space
3. Internet connection (optional for performing automatic updates)
4. Windows XP, 2003, 2008, Vista or 7. It should run on older versions of Windows as well.
5. As a user of a more recent Windows version you may need to be logged in with full administration rights

Screenshots

Flaw Detection

Source Tab