What's New in Syhunt 6.9.13

April 8, 2022

Syhunt Hybrid 6.9.13 adds Spring4Shell vulnerability detection, expands SCA and DWET capabilities

Syhunt's breach hunting tool (formerly IcyDark) is now Syhunt Breach.

Last week we all learned about the critical Spring4Shell (CVE-2022-22965) vulnerability, which affects Spring apps and, when exploited by attackers, may result in remote command execution. Today we release Syhunt Hybrid 6.9.13, which adds detection of the Spring4Shell vulnerability to the Syhunt tools Syhunt Dynamic, Syhunt Code and Syhunt Forensic (formerly Insight). In addition to this critical DAST check, Syhunt 6.9.13 expands its SCA component in Syhunt Code to cover the Spring4Shell vulnerability and adds 260 new ransomware-related leaks to its Syhunt Breach tool (formerly IcyDark), reaching a total of 3103 ransomware group leaks.

Expanding SCA Capabilities

In 2019, Syhunt added the detection of outdated vulnerable JavaScript code to Syhunt Code 6.6, a feature of SCA (software composition analysis) tools. This made Syhunt Code go beyond SAST (static source code analysis). In December 2021, the SCA component, known as Syhunt Code Composition, was updated to cover the Log4J vulnerability, and it has now been updated to detect the Spring4Shell vulnerability as well. Syhunt Code Composition checks for vulnerable Spring, SpringBeans, SpringBoot, SpringWebFlux and SpringWebMVC packages and is currently available at no additional cost as part of Syhunt Code.

Product Name Changes

Today we are also announcing a few product name changes: the Syhunt IcyDark product will now be called Syhunt Breach and the Syhunt Insight log scanner will now be called Syhunt Forensic. The name change will more accurately reflect the nature of the product, which expanded its coverage to support not only dark web breach hunting, but also breach prevention, forensic analysis and on-demand services through Syhunt Hybrid's console. Despite the name changes affecting the mentioned products, Syhunt's dark web monitoring division will continue to be called Syhunt Icy.

The old product names and the corresponding new names:

Syhunt Insight -> Syhunt Forensic
Syhunt IcyDark -> Syhunt Breach
Syhunt IcyScore -> Syhunt Breach Score

Improvements in Version 6.9.13

  • Added 260 new ransomware-related leaks to Syhunt Breach, reaching a total of 3103 ransomware group leaks.
  • Added 69 additional vulnerability checks for ASP.NET apps in Syhunt Code, covering various vulnerability categories.
  • Added integration with the DefectDojo dashboard.
  • Added check for Spring4Shell (CVE-2022-22965) vulnerability to Syhunt Dynamic.
  • Added checks for Spring4Shell vulnerability to Syhunt Code Composition: checks for vulnerable Spring, SpringBeans, SpringBoot, SpringWebFlux and SpringWebMVC components.
  • Added checks for web backdoors related to Spring4Shell to Syhunt Dynamic.
  • Added checks for Spring4Shell scans to the Syhunt Forensic log scanner.
  • Added a new hunt method called Spring4Shell, which allows scanning specifically for the Spring4Shell vulnerabilities in Syhunt Dynamic and Code. This method is also available through the CLI.
  • Improved Debug Parameters check in Syhunt Dynamic.
  • Made it easier to enter the business registration number in the domain preferences screen.
  • Improved session and token management in Syhunt Dynamic.
  • Improved form handling in Syhunt Dynamic.
  • Improved crawling in login situations.
  • Optimized scan against vulnerable targets in Syhunt Dynamic.
  • Improved PHPInfo detection in Syhunt Dynamic.
  • Added detection of weak session IDs in Syhunt Dynamic.
  • Upgraded GitLab JSON format to version 14.0.4.
  • GitLab-compatible JSON export can now be generated by providing an output filename with the double extension .dast.json or .sast.json.
  • Setup binaries for Windows are now signed with Syhunt's code certificate.

Happy breach hunting!