What's New in Syhunt 6.9.25

October 26, 2022

Syhunt Hybrid 6.9.25 adds enhanced vulnerability reports, and more

In parallel with Syhunt's participation today at the Security Leaders congress in Sao Paulo, where Syhunt is introducing its dark web monitoring solution Syhunt Breach, we are releasing Syhunt version 6.9.25. The new release comes with a revamped and responsive HTML report, an enhanced PDF report, bulk report generation, grouping of similar vulnerability instances, and a summary of scans, so that the reporting side of the tool keeps pace with the back-end engine evolution introduced over the last years. In addition to the enhanced reports, Syhunt 6.9.25 enhances integration with issue trackers and significantly reduces the memory footprint while performing Dynamic scans.

The enhanced report has been optimized for mobile, tablet and desktop sizes and also performs automatic grouping of similar instances of vulnerabilities into a single item.

Improvements in Version 6.9.25

  • New, revamped responsive HTML and PDF report template.
  • Reviewed and significantly improved memory usage during Dynamic scans.
  • When generating a SAST report, similar instances of the same vulnerability within a file are no longer displayed as individual vulnerability entries; such instances are instead displayed within the first reported entry.
  • Added a new button in the Past Sessions screen that generates a summary report of scans by scan methodology. The period covered can be set through the button List Sessions By Period.
  • Added the ability to list all sessions for a given month to the option List Sessions By Period.
  • Added the ability to generate reports for multiple selected sessions in the Past Sessions screen.
  • In Menu -> Preferences -> Other Hybrid Preferences, it is now possible to set the default output format in the save dialog when saving a scan report.
  • Issue trackers now have a "Notify only when fail condition is met" option. If this option is enabled, the tracker will only be notified if the fail condition provided through the CLI or scheduler is met.
  • Through the CLI, this can be dynamically modified by passing ?notifyonfailonly=1 after the name of the tracker.
  • Improvements and fixes in manual authentication method using Sandcat browser.
  • Auto handle off-domain redirect in Start URL moved from New Scan dialog to Site Preferences screen.
  • Improved Breach severity evaluation.
  • Improved robots.txt handling in Dynamic.
  • Improved detection of outdated assets in Dynamic.
  • Improved timeout handling in Dynamic.
  • Improved Authentication Bypass check, addressing a false positive case.
  • Additional spider optimizations added to Dynamic.
  • Syhunt CLI now sets the process exit code when a provided pass/fail condition is met.
  • Improved detection of Jenkins path during setup.
  • Improved handling of non-standard headers in Dynamic.
  • Improved Hidden Price Form Field and Email Form Hijacking checks to detect additional cases and prevent a false positive case.
  • Fixed: CVE-2013-6420 receiving medium CVSS3 score, when it should be high.
  • Fixed: a false positive case related to database disclosure.
  • Fixed: an SSRF false positive case in Code involving an AJAX query.
  • Fixed: a case of redundant reporting of hardcoded IP address by Syhunt Code.

Happy bug and breach hunting!