What's New in Syhunt 6.9.29

April 12, 2023

Syhunt Hybrid 6.9.29 expands AI-powered capabilities and adds SAST for Object Pascal

Last month, we announced Syhunt's first AI-powered capabilities, as well as scan reports in 8 languages and Selenium scripting support. Today we're proud to announce Syhunt 6.9.29, which further expands Syhunt's AI capabilities with an option to display examples of patched code in the report, alongside the vulnerable code identified during a SAST scan. It also adds the much-requested and long-awaited SAST for Object Pascal, increasing the total number of programming languages supported by Syhunt to ten.

The Object Pascal support is comprehensive and covers Android/iOS apps developed with Delphi XE, as well as web apps and other apps created with Delphi XE, legacy Delphi versions such as Delphi 7, Lazarus and even DWS. A total of 256 checks were added for Pascal, covering 25 categories of vulnerability. This makes Syhunt the most comprehensive SAST tool for Object Pascal on the market.

Like other AI features recently added to Syhunt, the new ability to automatically add examples of patched code to reports follows privacy-by-design principles and uses the API efficiently. When this new optional feature is enabled, Syhunt makes sure to send just excerpts of vulnerable code to OpenAI, while also taking precautions to make sure that no sensitive information, such as credentials and hardcoded information, is transmitted. Syhunt also caches the results to prevent duplicated queries.

"We are seeing a growing need for AI-powered cybersecurity solutions due to the increasing complexity of today's applications and environments. And these additions show that our development team are really committed to pushing the boundaries of what is possible in AI-driven application security," says Satu Ohara, CEO of Syhunt.

Additional Improvements in 6.9.29

  • Expands Syhunt's AI capabilities.
    • Added an option to AI Preferences that allows extending remediation information with examples of patched code. This option is enabled by default, but requires a .aipatchconsent file at the root of the target code repository to work.
    • Added an option to AI Preferences that allows disabling the extended report translation. This option is enabled by default.
  • Added support for Delphi and Object Pascal to Syhunt Code, including Android/iOS apps, legacy Delphi, Delphi XE, Lazarus and DWS. This includes over 256 checks covering 25 categories of vulnerability.
  • Added an option to the Site Preferences that allows disabling authentication brute force.
  • Improved error handling during Start URL initial access in Syhunt Dynamic.
  • Improved Python detection and error messages during automated login.
  • When setting the maximum scan duration as a string, the maximum number of hours is now limited to 24h.
  • Fixed: v1 hash change for ignore ID in SAST since version Reverted back to old v1 hash. New ignore IDs shown in reports now use the v2 format, but old v1 ignore IDs are still compatible.
  • Fixed: error when scanning .ai domain.
  • Fixed: a false positive case during structure brute force related to a JSON response.

Happy AI-powered bug and breach hunting!