
What's New in Syhunt 6.9.12


February 22, 2022

Syhunt Hybrid 6.9.12 adds GitHub Actions integration and simplifies CLI

In the recent past, Syhunt announced integration with various systems, such as Azure DevOps, GitLab, TFS, Jenkins, JIRA and GitHub Issues. Syhunt Hybrid 6.9.12 adds integration with GitHub Actions and other user-requested enhancements, and simplifies the product's command-line interface. The new release makes it easier to launch SAST and DAST scans through the CLI while maintaining backwards compatibility for launchers and callers already in use, and allows the user to define a time limit for scans by specifying a number of days, hours or minutes. Integration with GitHub Actions is now officially supported and documented online, allowing Syhunt's application security scan tools to be integrated into continuous delivery pipelines created using the platform.

New Option: Time Limit

Syhunt 6.9.12 adds an option that limits the scan time of Dynamic, Code and IcyDark scans. When the time limit is reached during a scan, the scan is automatically aborted.

  • Through Syhunt's UI: Set the value in the Advanced tab of the Dynamic Preferences dialog.
  • Through the Scheduler UI: Set the value in the Advanced tab of the Scheduled Scan preferences dialog.
  • Through CLI: Use the -tml option as described in the CLI documentation.
  • Through Lua, REST API, GitHub, GitLab or PowerShell: Pass the timelimit parameter to the scan function as described in the integrations documentation.
  • Through Jenkins: Pass the timeLimit parameter to the scan function as described in the Jenkins integration documentation.

CLI Improvements

  • Added new variables that can be used in report file names: {$DT} (current date and time), {$DD} (current date) and {$TM} (current time) - Available through CLI and Scheduler
  • Removed the -gr CLI parameter. Now reports are generated by default.
  • Added the -nr parameter, which disables report generation.
  • Removed the -gx CLI parameter. Exports are generated if -xout or -xout2 is provided.

Additional Improvements

  • Added new checks for outdated Nginx.
  • Improved: Syhunt Hybrid's user interface now saves settings to disk immediately after the preferences dialog is closed (unless the Cancel button is pressed).
  • Improved: the perform Denial-of-Service option was moved from the Start Dynamic Scan dialog to the site preferences dialog.
  • Fixed: technology version disclosure being added to specific compliance violation items.
  • Fixed: an error after setting an improper and overly large maximum response size in Dynamic preferences.
  • Fixed: a failure when performing NTLM authentication with Syhunt Dynamic.
  • Fixed: a false positive in Syhunt Dynamic related to a JSON error response.

Happy bug hunting!