August 28, 2015
Syhunt releases Community Edition of its hybrid application security scanner - We're pleased to announce the immediate availability of Syhunt Community. This is the first release of a free, community edition of our flagship product Syhunt Hybrid, available at no charge to the community. Syhunt Community is built on top of Syhunt's open source pen-test oriented web browser Sandcat and can be used for scanning web applications for multiple types of vulnerabilities, including commonly exploited coding mistakes, through both dynamic and source code analysis. Some of the vulnerabilities covered include:
- Cross-Site Scripting (XSS)
- SQL Injection (for MySQL and Oracle powered web applications)
- Unvalidated Redirects
- Directory Listing
- Directory Traversal
- Information Disclosure
- Old/Backup Files (Common Backup Files & Folders)
- Path Disclosure
- Source Code Disclosure
Syhunt Community comes without any time restrictions and although not nearly as complete as the full-featured Syhunt Hybrid product (see a full comparison), it can help security auditors and developers to start improving the security of web applications and websites right away, helping evaluate the coding practices currently in place within an organization or a group. The first incarnation of Syhunt Community carries the 5.3 version number, which is the current version number of Syhunt Hybrid - it runs under any modern Windows version and can be downloaded at the link below. Feel free to try it - there is no license required, and if you wish, it is possible to upgrade to the commercial edition of Syhunt through our online store, and obtain full vulnerability detection with the most complete feature set included.
Download Syhunt Community 5.3
June 17, 2015
Syhunt Hybrid 5.3 brings dramatically improved detection accuracy - We're proud to announce another milestone in the evolution process of Syhunt Hybrid with the addition of a significant number of new vulnerability checks and improved detection of JSP-based vulnerabilities to its DAST (dynamic application security testing) component. The new checks give the product the ability to achieve 100% detection of today's WAVSEP vulnerabilities and an even higher detection of vulnerabilities in custom web applications:
- SQL Injection & XSS - Syhunt Hybrid can detect 100% of the SQL Injection and XSS vulnerabilities, but now all SQLi false positive cases in WAVSEP are correctly handled and additional SQLi checks were added.
- Local File Inclusion - Syhunt Hybrid is now able to detect 100% of the WAVSEP 1.5 LFI cases (all of the 816 cases) during fast or normal scans.
- Remote File Inclusion - With the improved RFI and LFI detection, Syhunt Dynamic reaches the same results obtained by AppScan in the last WAVSEP, which was #1 at the time. Syhunt Dynamic is now able to detect 100% of the WAVSEP 1.5 RFI test cases, becoming tied with it.
- Unvalidated Redirect - Syhunt is now able to detect 100% of the Unvalidated Redirect cases that are part of the WAVSEP 1.5 test environment.
- Hidden, Obsolete & Backup Files - Syhunt is now able to detect all of the latest WAVSEP hidden file cases (including copied files).
Other changes include:
- New hunt methods for the improved categories:
  - fileinc - Checks for Remote & Local File Inclusion. Works for both code and dynamic scans.
  - fileold - Checks Hidden, Obsolete & Backup Files, but not as aggressively as the structbf (Structure Brute Force) method. Applies only to dynamic scans.
  - unvredir - Checks for Unvalidated Redirect vulnerabilities. Works for both code and dynamic scans.
- Improved URL parameter manipulation.
Syhunt Hybrid 5.3 is available free of charge to all registered Syhunt users.
March 26, 2015
Syhunt Hybrid 5.2 released with major improvements - We are happy to announce the immediate availability of Syhunt Hybrid 5.2. The new release is now tightly integrated with the latest Syhunt Dynamic, Syhunt Code and Sandcat Browser releases. Over the last months, the browser has been a major focus for Syhunt, which has resulted in numerous improvements such as better certificate handling, and major stability and performance enhancements. We're committed to continuing to improve the user experience and to making modifications that take the product to the next level.
Thanks to all the organizations that have recently joined our customer community and the ones who have been with us since the beginning, who entrust us with their web application security needs and help us further enhance our tools.