Syhunt Hybrid 6 is out


And it is the best one yet

Checks


Web Application Security Checks

Syhunt's database is the culmination of years of research by Syhunt and includes checks for an extremely wide array of web application security threats, as shown below.

Check | CWE
Authentication Vulnerabilities
Authentication Bypass / Broken Authentication | CWE-287
Automated Authentication Brute Force (Form & HTTP-Based)
Password Disclosure | CWE-311
Unencrypted Login | CWE-319
Weak Password Hashing
Breach Confirmation
Breach Confirmation through Dynamic Analysis
Breach Confirmation through Source Code Analysis
Breach Confirmation through Web Server Log Analysis
Hidden Debug Parameter Discovery through Dynamic Analysis
Hidden Debug Parameter Discovery through Source Code Analysis
Hidden Debug Parameter Discovery and Injection through Hybrid Analysis
Inappropriate Content Detection
Malicious Content Detection
Web-Based Backdoor Detection through Dynamic Analysis
Web-Based Backdoor Detection through Source Code Analysis
Command Execution | CWE-78
Command Execution through Dynamic Analysis
Command Execution through Source Code Analysis
Cross-Site Scripting (XSS) | CWE-79
Cross-Site Scripting (XSS) through Dynamic Analysis
Cross-Site Scripting (XSS) through Source Code Analysis
Weak XSS Filter/Validation Bypass through Dynamic Analysis
Weak XSS Filter/Validation Bypass through Source Code Analysis
HTML5 Specific XSS
File Inclusion | CWE-98
Local File Inclusion (LFI) through Dynamic Analysis
Remote File Inclusion (RFI) through Dynamic Analysis
Local File Inclusion (LFI) through Source Code Analysis
Remote File Inclusion (RFI) through Source Code Analysis
NoSQL Injection 
NoSQL Injection through Dynamic Analysis (Error-Based) 
NoSQL Injection through Dynamic Analysis (Time-Based) 
NoSQL Injection through Source Code Analysis 
NoSQL Injection in MongoDB 
SQL Injection | CWE-89
SQL Injection through Dynamic Analysis (Error-Based)
SQL Injection through Dynamic Analysis (Blind)
SQL Injection through Dynamic Analysis (Time-Based)
SQL Injection through Source Code Analysis
SQL Injection in Access
SQL Injection in DB2
SQL Injection in dbx
SQL Injection in Firebird/InterBase
SQL Injection in FrontBase
SQL Injection in Informix
SQL Injection in Ingres
SQL Injection in MaxDB
SQL Injection in mSQL
SQL Injection in MySQL
SQL Injection in Oracle
SQL Injection in Ovrimos
SQL Injection in PostgreSQL
SQL Injection in SQL Server
SQL Injection in SQLite
SQL Injection in Swish
SQL Injection in Sybase
SQL Injection in Others
Code Injection | CWE-94
Code Injection through Dynamic Analysis (Print-Based)
Code Injection through Dynamic Analysis (Time-Based)
Code Injection in ASP Classic
Code Injection in ASP.NET
Code Injection in Java/JSP
Code Injection in Lua (Nginx, Apache, CGI-Lua, etc)
Code Injection in Perl
Code Injection in PHP
Code Injection in Python
Code Injection in Ruby
Code Injection in Server-Side JavaScript
Source Code Disclosure | CWE-540
Source Code Disclosure through Injection
Source Code Disclosure through Content Analysis
Source Code Disclosure (ASP Classic)
Source Code Disclosure (ASP.NET)
Source Code Disclosure (Java/JSP)
Source Code Disclosure (Lua)
Source Code Disclosure (Perl)
Source Code Disclosure (PHP)
Source Code Disclosure (SSI)
Extension Checking
Double Extension Checking
Common Backup Extensions
Structure Brute Force
Admin Pages
Common Backup Files
Common Backup Folders
Database Disclosure
Old/Backup Files | CWE-530
Common Form Weaknesses
Email Form Hijacking
Hidden Price Form Field
AutoComplete Enabled (in sensitive form inputs)
Denial-of-Service (DoS) | CWE-730
Client-Side Denial-of-Service
Denial-of-Service through Injection
Buffer Overflow | CWE-120
Multiple Disclosure Vulnerabilities
Common Exposures
Information Disclosure through Injection | CWE-200
Information Disclosure through Content Analysis | CWE-200
Internal IP Address Disclosure | CWE-200
Path Disclosure through Injection | CWE-211
Path Disclosure through Content Analysis | CWE-211
Directory Listing | CWE-548
Web Technology Disclosures
Suspicious HTML Comments
XPath Injection | CWE-91
XPath Injection through Dynamic Analysis
XPath Injection through Source Code Analysis
LDAP Injection | CWE-90
LDAP Injection through Dynamic Analysis
LDAP Injection through Source Code Analysis
Unvalidated Redirects | CWE-601
Unvalidated Redirects through Dynamic Analysis
Unvalidated Redirects through Source Code Analysis
CRLF Header Injection | CWE-93
CRLF Header Injection through Dynamic Analysis
CRLF Header Injection through Source Code Analysis
Expression Language (EL) Injection | CWE-917
Cookie Manipulation
Cross Frame Scripting | CWE-352
Dangerous Methods | CWE-749
Default Content | CWE-276
Directory Traversal | CWE-22
Server-Specific Vulnerabilities in IIS, iPlanet & Others 
Server-Side Includes (SSI) Injection 
XML Injection | CWE-661
XML External Entity (XXE) Injection | CWE-827
Known Vulnerable Apps
Known Vulnerable Apps (Apache Struts)
Known Vulnerable Apps (ASP Classic)
Known Vulnerable Apps (ASP.NET)
Known Vulnerable Apps (ColdFusion)
Known Vulnerable Apps (Dynamic HTML)
Known Vulnerable Apps (Flash)
Known Vulnerable Apps (Java / JSP)
Known Vulnerable Apps (Perl)
Known Vulnerable Apps (Python)
Known Vulnerable Apps (Ruby)
Known Vulnerable Apps (SSI)
Known Vulnerable Apps (IIS)

Supported Server-Side Languages

ASP (Classic)
ASP.NET
Java / JSP
JavaScript
Lua
Perl
PHP
Python
Ruby