Syhunt's whitebox scan (source code scan) can uncover multiple classes of application vulnerabilities and also identify key areas of the code that need review. Its static source code analysis functionality can detect cross-site scripting, file inclusion, SQL injection, command execution and validation problems. Initially only PHP was supported. As of 2011, multiple web programming languages are supported.
Important: If you specify a hunt method other than Source Code Scan (codescan), you will be performing a gray or black box test, and remote connections will be made. Read the Black Box or Gray Box guides for details on how to perform them.
SyMiniCS.exe localhost -sn:Scan1 -hm:codescan -srcdir:"C:\WWW\Docs\" -gr
Note: you still need to specify a target host (localhost in the command above), but no remote connections will be opened.
Session Launcher doesn't support white-box testing. It can perform a hybrid scan though. Read the Gray Box guide for more details.