Syhunt's whitebox scan (source code scan) can uncover multiple classes of application vulnerabilities and also identify key areas of the code that need review. Its static source code analysis functionality can detect cross-site scripting, file inclusion, SQL injection, command execution and validation problems. Initially only PHP was supported. As of today, multiple web programming languages are supported.
Follow along with this guide to learn how to perform a source code scan and generate a vulnerability report.
How to perform a code scan
- Launch Syhunt Hybrid and double-click the Syhunt Code icon in the welcome page.
- Configure any custom source code extensions, if required (you can do this under Menu|Preferences -> Advanced tab). For example: if you have PHP scripts with a .foo extension, add ".foo=.php". Hit OK to save the settings.
- Press the Scan button in the toolbar, select a code directory to scan and press the OK button to start the scan.
At the end of the scan, you can click Generate a Report to save the results as an HTML report or in any other preferred format.