What's New in Syhunt 6.1

May 17, 2018

Seven months after the last big release of Syhunt, we're back with a significant update. Today we release version 6.1 of Syhunt Community and Hybrid. This version comes with the ability to scan the source code of Java EE and JSP web applications for security vulnerabilities, a long-awaited and much-requested feature that makes Syhunt an ideal tool for both penetration testing and code review of Java apps (DAST and SAST).

Ready to download and use

We comprehensively tested and reviewed the Syhunt 6.1 code scanner results with the help of over 1600 vulnerable Java web apps originating from the WAVSEP project, the NIST SAMATE project and Syhunt Lab's own test cases, reaching highly accurate detection rates for Cross-Site Scripting (XSS), SQL Injection, File Inclusion and many other security flaws. The full list of checks is available below.

Code Checks for Java (Stable)

Syhunt 6.1 adds 70 comprehensive security code checks targeting Java web apps, covering:

  • Cross-Site Scripting (XSS)
  • SQL Injection - including HQL
  • Unvalidated Redirect
  • File Manipulation
  • Command Execution
  • HTTP Header Injection
  • LDAP Injection
  • XML Injection (XXE)
  • XPath Injection
  • Log Forging
  • Information Disclosure
  • Input filtering/validation analysis

Note: Checks above in gray color are only available in the professional editions of Syhunt.

Code Checks for Lua (Beta)

Syhunt 6.1 adds support for an additional language, Lua, and can scan (though in beta form) the source code of Lua-based web applications compatible with Apache's mod_lua, CGILua and Lua Pages for vulnerabilities such as:

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Local File Inclusion
  • Command Execution
  • Code Injection
  • HTTP Header Injection

Other Improvements in Syhunt Code 6.1

  • Improved XSS detection in multiple languages (classic ASP, ASP.NET & PSP).
  • Improved input filtering analysis.
  • Improved speed (scan optimization).
  • Improved support for short write tag in multiple languages.
  • Automatic Python WSGI script detection.

We hope you enjoy the new release!