Syhunt Dynamic


Scan your web app thoroughly for security flaws

Syhunt Dynamic comes with a wide array of features to detect and help you fix your web application security vulnerabilities with minimal effort. Simply enter a start URL and get detailed vulnerability information right away.

Syhunt Dynamic is composed by a deep crawler able to fully map a website structure and an automated injector able to adapt, mutate, analyze and test the web application response to thousands of different web attacks often carried by real-world adversaries.

View Datasheet


Deep Crawler

Syhunt Dynamic maps the entire web site structure (all links, forms, XHR requests and other entry points) and locates custom, unique vulnerabilities by simulating a wide range of attacks/sending thousands of requests. The scanner behaves as both Firefox and IE, and even simulates user interaction (key press, mouse click, etc).

Advanced Injector

Tests for SQL Injection, XSS, File Inclusion and many other web application vulnerability classes. While performing a scan, Syhunt injects data in the web apps and subsequently analyzes the application response in order to determine if the application code is vulnerable.

Code Analysis Extensions

When used from within Syhunt Hybrid, the Syhunt Dynamic scanner is able to expand the scope of the web application security testing, covering the web app source code as well.

Learn more


Scan any kind of web environment

Syhunt Dynamic offers the degree of flexibility and versatility required to support any web environment, anywhere. It has been designed to intelligently handle complex, large web sites and automatically adapt to different web environments and technologies.

While spidering a web site and hunting vulnerabilities, Syhunt Dynamic emulates a modern, HTML 5-aware web browser, making sure every web application gets fully tested. Syhunt's browser emulation feature set includes:

  • Intelligent HTML parsing (handles malformed HTML like a web browser)
  • JavaScript emulation (ability to behave as both Firefox and IE)
  • User interaction simulation (key press, mouse click, etc)
  • AJAX support
  • HTML 5-aware
  • CSS 3-aware
  • Auto form filling & form login
  • Process isolation/Multi-process scanning (each website scan you start is a different process on your operating system)
  • Cookies support
  • HTTPS support (SSL 2/SSL 3/TLS 1)
  • Certificates support
  • Basic & NTLM authentication support
  • HTTP 1.0 and 1.1 support
  • Keep-Alive support
  • HTTP redirection support

Check for the Top vulnerabilities

Syhunt Dynamic allows you to scan for the top vulnerabilities attackers use against web applications.

OWASP Top 10

The OWASP Top Ten is a list of vulnerabilities that require immediate remediation. Existing code should be checked for these vulnerabilities immediately, as these flaws are being actively targeted by attackers. The OWASP Foundation encourage companies to adopt the OWASP Top Ten as a minimum standard for securing web applications.

SANS Top 20

The SANS Top 20 includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. The SANS Institute updates the list and the instructions as more critical threats and more current or convenient methods of protection are identified. It is a community consensus document.

CVE & CWE

The Syhunt scanners fully supports CVE (Common Vulnerabilities and Exposures) & CWE (Common Weakness Enumeration), being able to scan for the top CWE entries related to web applications. Syhunt is also on the Mitre Corporation's CVE-compatible list of products and services. The Mitre Corporation is the author of the standard itself.

Compliance Auditing

Syhunt can help your organization address the most pressing compliance issues such as:
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley (GLBA)
  • Payment Card Industry (PCI) Data Security Standard
  • CA-SB1
  • Sarbanes-Oxley

Learn more


...one of the most effective and valuable tools on the market today.

Matt McDermott, Security Engineer II

...the most comprehensive web server scanning tool that I have come across.

Stuart Unsworth, Security Expert

More Testimonials


Syhunt Dynamic runs under any modern Windows version from Windows XP through 10 (Specs)