Syhunt Dynamic

Scan your web app thoroughly for security flaws

Experience the Power of Augmented Dynamic Analysis (DAST and OAST) with Syhunt Dynamic. Effortlessly detect and fix your web application security vulnerabilities with Syhunt Dynamic's comprehensive suite of features. Simply enter a start URL and get detailed vulnerability information right away.

Leverage the power of our deep crawler and automated injector to map your website structure, adapt to changing conditions, analyze responses, and test against thousands of real-world attacks.

Available for on-premises deployment for businesses using Windows, and Linux.

View Product Brief View Datasheet

Syhunt Dynamic in Numbers


Vulnerabilities Detected    7000+

Injection Checks    570+

Vulnerability Categories Covered    68+

Know Our Features


Deep Crawler

Syhunt Dynamic maps the entire web site structure (all links, forms, XHR requests and other entry points) and locates custom, unique vulnerabilities by simulating a wide range of attacks/sending thousands of requests. The scanner behaves as Chrome, Firefox and IE, and even simulates user interaction (key press, mouse click, etc).

Advanced Injector

Tests for SQL Injection, XSS, File Inclusion and many other web application vulnerability classes. While performing a scan, Syhunt injects data in the web apps and subsequently analyzes the application response in order to determine if the application code is vulnerable.

Code Analysis Extensions

When used from within Syhunt Hybrid, the Syhunt Dynamic scanner is able to expand the scope of the web application security testing, covering the web app source code as well. Supported languages include ASP, Java, JS, Lua, Perl, PHP, Python & Ruby.

Learn more


Syhunt Dynamic integrates with GitLab and Jenkins for Continuous Integration (CI), JIRA, GitHub and GitLab for issue tracking, Imperva SecureSphere and F5 BIG-IP Application Security Manager (ASM) for virtual vulnerability patching, and more.

Learn more

CVSS Support

Syhunt Dynamic comes with full support for the Common Vulnerability Scoring System, an industry standard designed to convey vulnerability severity and help determine urgency and priority of response. When a report is generated, vulnerabilities are sorted by default based on their CVSS3 score.

Learn more

Scan any kind of web environment

Syhunt Dynamic offers the degree of flexibility and versatility required to support any web environment, anywhere. It has been designed to intelligently handle complex, large web sites and automatically adapt to different web environments and technologies.

While spidering a web site and hunting vulnerabilities, Syhunt Dynamic emulates a modern, HTML 5-aware web browser, making sure every web application gets fully tested. Syhunt's browser emulation feature set includes:

  • Intelligent HTML parsing (handles malformed HTML like a web browser)
  • JavaScript emulation (ability to behave as Chrome, Firefox and IE)
  • User interaction simulation (key press, mouse click, etc)
  • HTML 5-aware
  • CSS 3-aware
  • XHR request support
  • Auto form filling & form login
  • Process isolation/Multi-process scanning (each website scan you start is a different process on your operating system)
  • Cookies support
  • HTTPS support (SSL 2/SSL 3/TLS 1)
  • Certificates support
  • Basic & NTLM authentication support
  • HTTP 1.0 and 1.1 support
  • Keep-Alive support
  • HTTP redirection support

Check for the Top vulnerabilities

Syhunt Dynamic allows you to scan for the top vulnerabilities attackers use against web applications.

OWASP Top 10

The OWASP Top Ten is a list of vulnerabilities that require immediate remediation. Existing code should be checked for these vulnerabilities immediately, as these flaws are being actively targeted by attackers. The OWASP Foundation encourage companies to adopt the OWASP Top Ten as a minimum standard for securing web applications.

SANS Top 20

The SANS Top 20 includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. The SANS Institute updates the list and the instructions as more critical threats and more current or convenient methods of protection are identified. It is a community consensus document.


The Syhunt scanners fully supports CVE (Common Vulnerabilities and Exposures) & CWE (Common Weakness Enumeration), being able to scan for the top CWE entries related to web applications. Syhunt is also on the Mitre Corporation's CVE-compatible list of products and services. The Mitre Corporation is the author of the standard itself.

Compliance Auditing

Syhunt can help your organization address the most pressing compliance issues such as:
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley (GLBA)
  • Payment Card Industry (PCI) Data Security Standard
  • ISO/IEC 27001
  • CA-SB1
  • Sarbanes-Oxley

Learn more

Main Supported Languages

ASP (Classic)
Java / JSP


...the best web app security assessment tool out there. Rapidly updated to cover new vulnerabilities as they arise and very easy to use. more

Robert Davies, CEO, Stealth-ISS, USA of the most effective and valuable tools on the market today.

Matt McDermott, Security Engineer II, Solutionary, USA

More Testimonials

In the News

Tools like Syhunt make an application's vulnerability much simpler to detect, no longer requiring a “hacker” level skill set.

SC Magazine

We liked the GUI and the simplicity of Syhunt‘s user model. We had a very positive experience working with the product‘s development team

Web Hacking Exposed

More Quotes

Buy Product

Syhunt Dynamic runs under any modern 64-bit Linux or Windows version, including Windows 10 and 11 (Specs)