What's New in Syhunt 6.5

December 26, 2018

Syhunt adds F5 BIG-IP ASM compatible vulnerability export, Jenkins extension, JIRA and GitHub integration, GIT support and more

Today we release version 6.5 of Syhunt Hybrid and Syhunt Community. This release focuses on integration with other systems: Jenkins, the F5 BIG-IP Application Security Manager (ASM), JIRA and GitHub issue tracking, and GIT source code repositories. It also brings UI improvements, spider improvements and framework-specific optimizations.

JIRA and GitHub Issues integration

Syhunt 6.5 is the first release to support JIRA and GitHub issues. Configuring an issue tracker is a quick task, and once it is configured, vulnerabilities can be submitted to a specific project with the click of a button.

F5 BIG-IP ASM compatible scanner export

The F5 BIG-IP Application Security Manager (ASM) can import vulnerability scan results and use them to virtually patch vulnerable web applications, that is, to block the reported vulnerabilities at the WAF layer while the application code is being fixed (a virtual patch mitigates the issue; it does not replace the code fix). Syhunt 6.5 generates Syhunt Dynamic vulnerability exports compatible with the F5 BIG-IP ASM import format. To generate the export, when saving a report, select the file type XML ASM.

Jenkins extensions

Syhunt 6.5 comes with beta extensions for Jenkins that let web application security scans be called from within a Jenkins Pipeline script, so customers can integrate the Syhunt Dynamic and Syhunt Code scanners into their continuous delivery pipeline, schedule scans and more. The extensions add three Groovy functions, syhunt.scanURL(), syhunt.scanCode() and syhunt.scanGIT(), that perform dynamic and source code scans (DAST and SAST) from within a pipeline execution and can optionally fail the build when a given criterion is met (for example, if High risk vulnerabilities are found).

GIT Protocol Support

Syhunt 6.5 adds support for GIT URLs in the ScanCode CLI utility and the Lua API, and support for GIT branches in both the CLI utility and the scanGIT() command for Jenkins. The examples below show how to scan a GIT repository from each interface.

-- from the command prompt
scancode git://sub.domain.com/repo.git
scancode https://github.com/user/repo.git -rb:master

-- from Jenkins pipeline script
syhunt.scanGIT([target: 'https://github.com/someuser/somerepo.git', branch: 'master', build: 'failifriskmedium'])

-- from Lua script
code:scanurl('https://github.com/someuser/somerepo.git', 'master')
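Putting the Jenkins and GIT pieces together, here is an added example of a scripted Jenkins Pipeline that runs a Syhunt Code scan of the branch being built and only proceeds to a deployment stage when the scan has not failed the build. It is not code from the Syhunt documentation: the repository URL and the 'failifriskmedium' policy value are the ones shown above, while the use of env.BRANCH_NAME, the defensive check of currentBuild.result after the scan (the page does not state whether the extension throws or only marks the build as failed) and the Deploy stage are assumptions made for illustration.

```groovy
// Jenkinsfile (scripted pipeline). Added example, not Syhunt's own code.
// Assumes the Syhunt Jenkins extension is installed, so the `syhunt` global
// and its scanGIT() function are available to the pipeline script.
node {
    // Scan the branch that triggered this build (multibranch jobs set
    // env.BRANCH_NAME); fall back to master for single-branch jobs. Assumption.
    def branch = env.BRANCH_NAME ?: 'master'

    // Repository URL and build policy value as shown on this page:
    // 'failifriskmedium' fails the build when a Medium or higher risk
    // vulnerability is found.
    def repo = 'https://github.com/someuser/somerepo.git'

    stage('Syhunt Code (SAST)') {
        try {
            syhunt.scanGIT([target: repo, branch: branch, build: 'failifriskmedium'])
        } catch (err) {
            // If the extension signals the policy violation by throwing,
            // convert it into an explicit pipeline failure with context.
            error "Syhunt source code scan failed on branch ${branch}: ${err}"
        }
        // If the extension instead only marks the build as failed, stop the
        // pipeline here so the deployment stage below is never reached.
        // (Defensive check; assumption about the extension's behaviour.)
        if (currentBuild.result == 'FAILURE') {
            error "Syhunt source code scan reported Medium or higher risk on ${branch}"
        }
    }

    stage('Deploy') {
        // Only reached when the scan stage passed the configured policy.
        echo "Deploying branch ${branch}"
    }
}
```

The scan stage is deliberately placed before deployment and the result is checked both ways (exception and build status), so a policy hit blocks the pipeline regardless of how the extension reports it.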

Revamped Vulnerability Details screen

Syhunt 6.5 adds a revamped vulnerability details dialog with editing capabilities.

Additional Improvements and Changes

Additional improvements in Syhunt 6.5 include:

  • Added Dynamic Targets screen to the launcher - lets you manage a list of common target URLs. You can access it through the purple bookmark icon in the Launcher toolbar or the New Scan dialog.
  • Added Rails framework, WII framework and WordPress related optimizations.
  • Added the ability to import and export a scan session from/to a file.
  • Reviewed the Malware Content and Structure Brute Force hunt methods and enabled additional checks. Improved extension checking and structure brute force checks, and fixed a false-positive case.
  • Faster Authentication Bypass checks.
  • Improved fingerprinting and added detected languages and OS type to reports.
  • Improved XML exports.
  • Improved spider (improved web site caching and mapping).
  • This release comes with the latest Syhunt Sandcat browser updates and drops support for Windows Vista.

We hope you enjoy the new release!