Syhunt's whitebox scan (source code scan) can uncover multiple classes of application vulnerabilities and also identify key areas of the code that need review. Its static source code analysis functionality can detect cross-site scripting, file inclusion, SQL injection, command execution and validation problems. Initially only PHP was supported. As of today, multiple web programming languages are supported.
Follow along with this guide to learn how to perform a source code scan and generate a vulnerability report.
How to perform a code scan
- Launch Syhunt Hybrid and click the Syhunt Code icon or the New Scan button on the welcome page.
- Select a code directory to scan and press the OK button to start the scan.
At the end of the scan, you can click Generate a Report to save the results as an HTML report or in any other preferred format.