Installation Guide

The information in this document applies to version 7.0.13 of Syhunt Hybrid.

Introduction

Syhunt Hybrid 7.0 is a 64-bit multi-platform application security scanner that runs on Windows and Linux, such as CentOS and Ubuntu Desktop/Server with near zero effort and out-of-the-box on Kali Linux and Parrot Security operating systems. Syhunt Hybrid allows to perform web and mobile application security testing (DAST and SAST) and integrate with a variety of systems for continuous integration and scanning. Syhunt licenses allow you to have access to at least two versions of the product: Windows or Linux.

Comparison Between Syhunt Versions

 Hybrid for WindowsHybrid for Linux
InterfaceGUI, Web UI, CLI and RESTWeb UI, CLI and REST
 
Augmented Dynamic Analysis (DAST + OAST)
Web Application Source Code Analysis (SAST)
Mobile Application Source Code Analysis (MAST)
Dark Web Exposure Testing (DWET)
Forensic Analysis (FAST)
Deep AJAX Crawler
AI-Powered Capabilities Patched Code Examples
AI-Powered Login
Patched Code Examples
AI-Powered Login
Integrations Shell (PowerShell)
Issue Trackers (GitHub, GitLab, JIRA...)
CI/CD Tools (GitLab, GitHub & Jenkins)
Supported WAFs for Virtual Patching
Scan Azure DevOps / TFS project URLs
Shell (Bash)
Issue Trackers (GitHub, GitLab, JIRA...)
CI/CD Tools (Jenkins)
Supported WAFs for Virtual Patching
Scan Azure DevOps / TFS project URLs
Scan Scheduler Coming soon
OSes/Distributions CompatibilityOfficially:
Windows 11
Windows 10
Windows Server 2012 to 2019
Unofficially (Successfully Tested):
Windows 7
Officially:
Ubuntu Server/Desktop 18 and later
CentOS 7 and later (Minimal or Everything)
Unofficially (Successfully Tested):
See the Linux distro list
macOS Monterey
AvailabilityAvailable Now (Native Win64 Binaries)Check Availability of Native Binaries for your distro
Available Now (Wine-Powered Installation)

Installing Syhunt on Windows

Syhunt Hybrid for Windows (Full Version)

If you are a registered customer: Please follow the initial steps in our welcome guide to download, install and start using the full version of Syhunt Hybrid.

If you are a community (non-registered) user, you can use Syhunt Community:

Syhunt Community for Windows (Free Version)

  1. (Optional) Download and install GIT for Windows (if you have not done so yet) if you plan to scan GIT repositories with Syhunt
  2. Download Syhunt Community (syhunt-community-7.0.10.3.exe)
  3. After downloading the exe file, double-click its icon to launch it.
  4. You should read carefully the EULA presented to you on installation before accepting it.
  5. It's an easy next-next-finish installation process. When you click Finish, Syhunt will be launched and is ready for use - you should immediately see the Launcher screen.

Syhunt Community ˣ⁶⁴ CLI for Windows (Free Version)

  1. Download Java and install it (if you haven't done so already)
  2. (Optional) Download and install GIT for Windows (if you have not done so yet) if you plan to scan GIT repositories with Syhunt
  3. Download Syhunt Community Core (syhunt-community-7.0.10.3.jar)
  4. After downloading the jar file, double-click its icon to launch it.
  5. You should read carefully the EULA presented to you on installation before accepting it.
  6. It's an easy next-next-finish installation process. When you click Finish, Syhunt CLI tools are ready for use.

What's next? Read our quick start and integration guides.

Installing Syhunt on macOS

Please follow the installation guide for macOS.

Installing Syhunt on Linux

Syhunt Hybrid ˣ⁶⁴ for Linux (Full Version)

If you are a registered customer: Please follow the initial steps in our welcome guide to download, install and start using full version Syhunt Hybrid.

If you are a community (non-registered) user, you can use Syhunt Community:

Syhunt Community ˣ⁶⁴ for Linux (Free Version)

Syhunt Community for Linux is now available for download. This is the Carbon version (Wine-Powered installation of Syhunt), compatible with most 64-bit Linux desktop and servers. Native ELF binaries for Syhunt Community for Linux are in the final stages of development and expected to become available gradually from October 2022 onwards - those will run without the need of having Wine installed and are expected to be available for Ubuntu and CentOS distributions.

Follow the Syhunt installation guide for the Linux distribution you use.

DistributionGuide Difficulty Level
Kali LinuxVery Easy
Parrot OSVery Easy
FedoraVery Easy
MX LinuxVery Easy
Ubuntu Desktop/ServerEasy
Oracle LinuxEasy
Alma LinuxEasy
Rocky LinuxEasy
Amazon Linux 2Easy
Amazon Linux 2023Easy
CentOS (Everything/Minimal)Easy
DebianEasy
openSUSEEasy
KDE NeonEasy
DeepinEasy
ManjaroEasy
Red Hat Enterprise (RHEL)Easy
Arch LinuxMedium
Linux Mint20: Easy, 19 or later: Medium
Elementary OS5.1: Easy, 5.0: Incompatible
SolusIncompatible (Unstable)

System Requirements

Syhunt Hybrid (including its Community Edition) can be installed on 64-bit versions of Windows or Linux, but it is able to analyze applications designed for any target platform, including Android, Apple iOS and macOS, BSD, Linux, Windows, Solaris and Unix, independently of the platform it is executed from.

  1. 4GB of available RAM (8GB recommended)
  2. 2GB of free disk space*
  3. Internet Connection (recommended for code scans and dynamic scans and some features)
  4. One of the following compatible 64-bit operating systems:
    1. Windows 10 or 11, or Windows Server 2012 to 2022 (x64 or ARM64). On Windows Server, it is important to ensure that you have the WebView2 Runtime installed. If the WebView2 Runtime is not installed, Syhunt will issue a warning when launching its user interface. You can find it in the Evergreen Standalone Installer.
      1. Make sure you have Edge preloaded on system startup. On Windows 10, Edge preload is already a default system setting. On Windows Server, you have to enabled the Edge preload manually. On Windows 11, our tests showed that disabling the Edge preload would not make any difference.
    2. Kali 2024.3 or higher
    3. Ubuntu Server or Desktop 18 or higher
    4. Debian 9 or higher
    5. Fedora 32 or higher
    6. Any unofficially supported OS**, like a Linux distribution such as the ones listed below, or macOS Big Sur or higher (Intel).
  5. (Optional) GIT on Linux/macOS or GIT for Windows (optional for GIT repository scans)
  6. Java or Java Headless installed on Linux/macOS
  7. If native binary is not available for your specific OS type or distribution yet, Wine64 Stable (3, 4 or 5) is required to be installed.
  8. (Optional) Java 8 or higher (optional for Android APK file scan)
  9. (Optional) Python 3.7.0 or higher, Selenium module and Chrome browser version 109 or higher (optional for extended scripting capabilities)
  10. (Optional) OpenAI API key to enable AI-powered features

* This does not include the space required to save scan session data, which varies depending on the website or source code being analyzed and the scan frequency.

** Unofficially supported OS: means that while the product has been successfully tested and the installation process has been documented, Syhunt does not provide technical support or assistance for issues related to the product's performance on that particular OS. If you choose to use the product with an OS that is not officially supported, you may encounter compatibility issues, errors, or bugs. Therefore, it is always recommended to use a supported OS to ensure optimal performance and compatibility with the product.

Compatible Linux Distributions

Officially Supported:
Ubuntu Server/Desktop 18.10 and later
Debian 9 and later
Fedora 32 and later
Unofficially (Successfully Tested):
CentOS 7.7 and later (Minimal or Everything)
Kali Linux 2019 and later
Parrot OS 4.1, 4.7 and later
Linux Mint 19.2 and later
OpenSUSE Leap 15.1 and later
Fedora 32
MX Linux 19.1 and later
KDE Neon 2020.03 and later
Deepin 15.9
Manjaro 19
Arch Linux 2019 and later
Unsupported:
Elementary OS 5.1 (Successfully Tested), 5.0 (Unsupported)
CentOS 6.1 (Successfully Tested)
Solus 4.1 (Unstable)

Internet Connection Requirements

The machine on which Syhunt is installed must be allowed to open HTTP(S) requests to the following Internet addresses:

DomainPortsFeature
Specific target domain(s)80, 443*The domain hosting the web application or codebase you want to scan
Any or specific asset domain(s)80, 443Optional, if you want externally hosted JavaScript files and assets to be analyzed during DAST or SAST (Recommended)
syhunt.fra1.cdn.digitaloceanspaces.com443Required (Assets for installation and auto-updating)
www.syhunt.net80, 443Required (Assets for HTML/PDF generation, update notification, auto-updating, and more)
signal.syhunt.net80, 443Required during DAST for performing OAST (Important)
api.openai.com443Required by AI-powered features
fonts.googleapis.com80, 443Required (Assets for HTML/PDF generation - Fonts)
www.google.com443Required (Assets for HTML/PDF generation - Google's JSAPI)
www.gstatic.com443Required (Assets for HTML/PDF generation - Google's JSAPI)

* If your target is using a non-standard port (eg, 8080), or you want to connect to a GIT address using SSH, or other protocols, you need to allow these ports as well.

If you use a personal firewall, you'll just have to let the firewall know that Syhunt is authorized to make connections to the Internet.

Finishing the Installation

  1. Download Syhunt Community or Syhunt Hybrid using a web browser like Chrome or Firefox, wget or curl command.
  2. Run the Syhunt setup application (On Windows and Linux distros the setup will run if you just open the file after giving it the appropriate permission):
    • Hybrid: java -jar syhunt-hybrid-7.0.14.0.jar
    • Community: java -jar syhunt-community-7.0.10.3.jar
  3. Alternatively, on Linux, if you have binfmt-support installed (sudo apt install binfmt-support, to install it), give the jar file executable permission (chmod a+rx setupfilename.jar or using the file properties of the jar file) and execute it directly:
    • Hybrid: ./syhunt-hybrid-7.0.14.0.jar
    • Community: ./syhunt-community-7.0.10.3.jar
  4. Read carefully the EULA presented to you on installation before accepting it.

It's an easy next-next-finish installation process. When you click Finish, Syhunt tools are ready for use.

Syhunt will (by default) be installed in /home/[user]/syhunt-hybrid or /home/[user]/syhunt-community

Console mode

Alternatively, if the Syhunt setup is running in console mode:

  1. Give 1 to accept after reading EULA (if you agree with its terms) or 2 to reject it (if you reject the terms, you cannot install and use Syhunt)
  2. Press enter to install using the default installation path
  3. Enter 1 to continue the installation
  4. Enter Y (Yes) to install Syhunt Core
  5. Enter 1 to continue. After that you should see a message saying: console installation done.

What's next? Read our quick start and integration guides.

Enabling PDF Reports on Headless Linux

If you are running Ubuntu Server, CentOS Minimal or other headless Linux distro, before trying to generate a PDF report, you will need to install and start xvfb.

Enabling Plus Extensions

After installing Syhunt Hybrid on Linux, if you wish to enable Plus extensions - APK support and GIT support within the web UI, you need to install the Syhunt Hybrid Plus extensions.

  • Download and install with its default settings the Syhunt Hybrid Plus extensions: syhunt-hybrid-plus-1.1.jar.

To scan Android APK files for mobile application security vulnerabilities on a Windows machine, please download and install Java 8 or higher.

Enabling Extended Scripting Capabilities

  1. Download and install the Chrome browser version 109 or superior from https://www.google.com/chrome/
  2. Download and install Python 3.7.0 or superior from https://www.python.org/downloads/. Make sure not to install the Python app from the Microsoft Store or it will not work with Syhunt.
  3. Install Selenium using the command: pip install selenium
  4. Make you sure you add the path to the Python interpreter to the Windows Environment Variables under System Variables, not just the User Variables. If you need to find the Python path, type the command where python. Alternatively, you open the Python prompt and execute: import sys; print(sys.path) to reveal its path.
    1. If you don't now how to add the variable, see the following guide How to set the path and environment variables in Windows.
  5. Finally, if you have Syhunt version 7.0.13.4 or superior, confirm if everything is OK by running the command scancore -runcmd:checkdeps from within the directory where Syhunt is installed.

Updating Syhunt

You can download and install the updates directly from the Syhunt website. If you have Syhunt Hybrid version 6.8.4 or higher, Syhunt will also notify you about new releases both in its Launcher interface and reports.

On Linux or macOS, you can use the command scanupdate to check for updates. If updates are available, Syhunt will ask if you want to download and install them. If you call scanupdate auto, Syhunt will check for updates and automatically install them when the command is executed without asking for user confirmation.

There is no need to uninstall Syhunt before installing a new version, unless you are updating Syhunt Community CLI under Windows.

Uninstalling Syhunt

On Windows operating systems, Syhunt creates a uninstall shortcut in the Start Menu under the Syhunt Community or Syhunt Hybrid folder, and an uninstall entry in the Program and Features area of the Windows Control Panel which allow to uninstall Syhunt completely.

On Linux or macOS operating systems, go to the directory where you installed Syhunt and execute the command:

java -jar Uninstall.jar

Contact