What's New in Syhunt 6.8.3

May 1, 2020

Note: Syhunt 6.8.4 (released on May 21) includes an update notification feature and some bug fixes.

Syhunt Hybrid 6.8.3 released, adds enhanced DAST fingerprinting, manual login and more

We're happy to release Syhunt Hybrid version 6.8.3. The new release brings many important DAST improvements, including enhanced web server fingerprinting, integration with Google Chrome and Mozilla Firefox, hybrid client-side JavaScript code analysis (SAST-within-DAST), and more.

Syhunt Hybrid 6.8.3 adds Hunter-Sense™, a fingerprinting feature that detects the hidden versions of server software and components. If an Apache or Nginx web server or server module is configured to hide its version, Syhunt Hunter-Sense is often able to reconstruct the incomplete "picture" and determine the version number of the server and its components, such as PHP, mod_ssl, OpenSSL and Phusion Passenger. The pioneering feature is based on an analysis we conducted of patterns found in 1 million Internet websites and allows Syhunt to detect outdated, vulnerable server software and components that would otherwise go unnoticed.

Outdated Server Software Detection

Syhunt Hybrid 6.8.3 adds over 1200 checks for outdated, vulnerable server software, covering over 30 web server software packages and components — powered by its new Hunter-Sense fingerprinting capabilities. In addition, Syhunt Code has been integrated with Syhunt Dynamic to perform extended hybrid analysis of client-side JavaScript: Syhunt's SAST now runs from within its DAST. This innovative SAST-within-DAST approach allows both custom vulnerable JavaScript code and outdated, vulnerable third-party JavaScript libraries to be detected client-side through dynamic analysis.

Manual Login in External Browser

Syhunt Hybrid 6.8.3 integrates with Google Chrome and Mozilla Firefox without the need to install a browser extension. This adds the ability to launch a scan against a web application after logging in from an external web browser instance, an easy 3-step process. Alternatively, automated login and manual login through Syhunt's built-in, Chromium-based Sandcat browser are still available.

Other Improvements

  • Moved crawling depth limit option and OAST option to the Site Preferences screen.
  • Changed default browser emulation mode and user agent to Chrome.
  • Improved parsing of JavaScript in HTML files.
  • Report generation now runs in an isolated task.
  • Allow SSH protocol in Git URLs.
  • Fixed: crash during outdated code check when scanning known third-party script.

We hope you enjoy the new release!