Syhunt Documentation Wiki  

Syhunt Dynamic

A powerful tool designed for your ever-increasing pen-testing needs.

Syhunt Dynamic offers a wide array of features to detect and help you fix your web application security vulnerabilities.


Overview

Syhunt tools include the ability to generate reports and countless other advanced features.

Syhunt Dynamic (formerly known as Sandcat Pro scanner) can help you automate dynamic web application security testing and proactively guard your organization's Web infrastructure against several kinds of web application security threats.

Syhunt Hybrid (a more advanced edition of the Syhunt scanner) integrates Syhunt Code and is able to perform hybrid static & dynamic security scans. Syhunt Hybrid scans your application's source code first, then tries to remotely confirm its flaws (XSS, File Inclusion, SQL Injection, Command Execution, and many more).

Both editions include an easy-to-use Graphical User Interface, the full version of the Syhunt Console application and several GUI extensions and expansion add-ons.

Features

Pro Features

  • Black-Box Testing (DAST) - Assess the web application security through remote scanning. Supports any web server platform.
  • White-Box Testing (SAST) - By automating the process of reviewing the web application's code, Syhunt's code scanning functionality can make the life of QA testers easier, helping them quickly find and eliminate security vulnerabilities from web applications. Supports ASP, ASP.NET & PHP.
  • Concurrency/Scan Queue Support - Multiple security scans can be queued and the number of threads can be adjusted.
  • Deep Crawling - Runs security tests against web pages discovered by crawling a single URL or a set of URLs provided by the user.
  • Advanced Injection - Maps the entire web site structure (all links, forms, XHR requests and other entry points) and tries to find custom, unique vulnerabilities by simulating a wide range of attacks/sending thousands of requests (mostly GET and POST). Tests for SQL Injection, XSS, File Inclusion and many other web application vulnerability classes.
  • Reporting - Generates a report containing information about the vulnerabilities. After examining the application's response to the attacks, if the target URL is found vulnerable, it gets added to the report. Syhunt's reports also contain charts, statistics and compliance information. Syhunt offers a set of report templates tailored for different audiences.
  • Local or Remote Storage - Scan results are saved locally (on the disk) or remotely (in the Syhunt web server). Results can be converted at any time to HTML or multiple other available formats.
  • In addition to its GUI (Graphical User Interface) functionalities, Syhunt offers an easy to use command-line interface.

The professional version of the Syhunt suite also includes:

  • Sandcat Browser -- A pen-test oriented multi-tabbed web browser with extensions support.
  • Session Resume Support -- Ability to stop and later resume a scan session. It works for all scan methods and target options.
  • Full Vulnerability Info -- Full vulnerability information and references - CVE, NVD, CWE, Bugtraq & OSVDB
  • Enhanced Settings Management -- Ability to import and export settings
  • Multiple Report Formats -- Ability to generate reports and export data -- HTML, PDF, JSON, XML, Text, CSV, RTF, XLS & DOC
  • Input Filtering Analysis (during code scans)
  • Built-In SSL Feature -- Ability to scan SSL-enabled web servers
  • Autoupdates -- Ability to automatically upgrade to the latest components and databases (Requires Internet connection)
  • Multiple Instance Support -- Ability to run Syhunt in multiple windows
  • Email Alert Feature -- Ability to automatically email reports after a scan is completed
  • Complementary command-line utilities such as SesmanCS
  • Syhunt Newsletter -- Our newsletter helps keep you informed about the latest updates of Syhunt
  • Permission to use Syhunt tools in VA / pen-testing services*
  • 24/7 Technical Support

(*) Premium license option only

Testimonials

Customer Testimonials

"Wolverhampton City Council has used the Syhunt products for a number of years. We find them extremely thorough in comparison to other scanning tools and they form an essential part of our testing process."
Dave Woodcock, Security Team Leader, Wolverhampton City Council, United Kingdom

"Having been in contact with them over the past 4 years we must say that Syhunt's dedication to research and development, and their customer service department's fantastic, responsive and personal customer support has really paid off."
Wipul Jayawickrama, Managing Director, Infoshield Consulting, Australia

"Solutionary constantly evaluates application and network scanning tools for use in our best-of-breed assessment approach. Syhunt consistently makes our list as one of the most effective and valuable tools on the market today."
Matt McDermott, Security Engineer II, Solutionary, Inc., United States

"We use a number of different security tools and techniques, including commercially available software and open source tools. The major tools that are being used are eEye, ISS and Syhunt products as well as other products that meet the latest technology and security standards and have been approved by governmental institutions. Using a combination of these tools and techniques we are able to identify known security problems in our customer's networks."
Stealth-ISS

"As an information security professional, I'm always testing out new products to automate daily repetitive and otherwise time consuming manual tasks, and when performing web application security assessments, there is nothing more intuitive, efficient and flexible than Syhunt.

With a low level of false positives and an objective approach, Syhunt has been able to identify a wide variety of threats, such as web server configuration weaknesses, susceptibility to denial-of-service attacks, and ranging to many serious application vulnerabilities such as SQL Injection and Cross Site Scripting (XSS).

In my experience, Syhunt has proven its effectiveness to simulate numerous attack scenarios. It is a great product with an exceptional support team, which I recommend to organizations of any size."
Renato Andalik, Security Expert and CSO, Ertech Systems, Brazil

"The Syhunt Scanner incorporates very advanced techniques and features to prevent false positives and they work extremely well. This really helps to weed out the clutter and identify the real security vulnerabilities."
Paul Woroshow, Vice-President, Expert Systems Resources, Inc., Canada

"The Syhunt suite is a complete solution for performing website baseline assessments. It provides an easy to use interface and effective reporting to security staff members. Its use can be a great time saver and dramatically increase the overall security posture of an organization's web presence."
Brent Huston, CEO, MicroSolved, Inc., United States

"Syhunt Dynamic is the most comprehensive web server scanning tool that I have come across. When I need to scan web servers I use Syhunt because Nessus and other tools just don't have the depth of vulnerability database that Syhunt has."
Stuart Unsworth, Security Expert, Verizon Business, Australia

Reviews

Recent Reviews

2012: Top position in benchmark confirms Syhunt Dynamic as a leading web application security scanner

2011: WAVSEP scanner comparison shows Syhunt Sandcat 4 scores better than any other tools at detecting XSS flaws

"The Highest XSS detection ratio belongs to Syhunt, which detected nearly 100% of the overall test-cases."
Shay Chen, Web Application Vulnerability Scanner Evaluation Project (WAVSEP)

Past Reviews

"A robust, filter-evasion capable web application scanning tool. The newly added features have made this tool a must in the security side of web based application exploitation. This tool will help to identify problems before attackers can find them and exploit them."
Astalavista

"When we tried the software on an online Web app, it performed quite well; it managed to detect 56 vulnerabilities and also identified some potentially vulnerable scripts running on the Web app."
PCQuest

"Syhunt's Sandcat Suite is a relative newcomer to the web application security scanning market. It takes the classic "brute-force" approach of security scanners, providing a large database of "known-file" and "known-vulnerable-web-app" signature checks. It also features the ability to perform custom fault-injection tests. We liked the GUI and the simplicity of Sandcat's user model. We had a very positive experience working with the product's development team."
Web Hacking Exposed

"Secure web site administration has become increasingly challenging and labor intensive. IT organizations rarely have adequate time to review web application code and server configuration changes before they are put into production. The result is predictable: web sites are vulnerable to numerous attacks. But being proactive is a tricky proposition for many organizations. Web application protection and vulnerability assessment technologies are enterprise-grade and typically come with a hefty price tag.

I've written articles before describing how small and medium businesses can build a web server vulnerability assessment toolkit. After completing an evaluation and running a number of tests, I recommend you consider Syhunt's Sandcat Suite of web application security tools."
Dave Piscitello, President, Core Competence Inc., United States

"The Sandcat suite brings industrial strength web security within the reach of even modest sized companies."
Ian Richards, Editor, TechSupportAlert, Australia

"Tools like Syhunt now make an application's vulnerability to XSS much simpler to detect and to exploit, no longer requiring a hacker level skill set."
SC Magazine, United States


© 2003 - 2012 Syhunt Cyber-Security Company. All rights reserved.