What's New in Syhunt Community

Version 6.8.4 (May 21, 2020)

  • Fixed: a browser behaviour issue involving hashtag usage in Syhunt Dynamic.
  • Fixed: the Vulnerable Code section of a reported vulnerability sometimes displaying polluted vulnerable portions in Syhunt Code.
  • Fixed: invalid license error in reports generated by Syhunt Community.
  • Added missing vcruntime140.dll dependency - this fixes an error message when opening dialogs in a specific situation.

Version 6.8.3 (May 1, 2020)

  • Improved fingerprint, including the ability to guess the server software version.
  • Added checks for vulnerabilities in various outdated server software and components.
  • Added the ability to perform SAST in client-side JavaScript code during DAST.
  • Moved crawling depth limit option to the Site Preferences screen.
  • Changed default browser emulation mode and user agent to Chrome.
  • Improved parsing of JavaScript in HTML files.
  • Fixed: re-scan source button not working in Syhunt Code toolbar since update 6.8.1.
  • Fixed: crash during outdated code check when scanning known third-party script.
  • Report generation now runs in an isolated task.

Version (April 7, 2020)

  • Faster fault injection testing in websites with a large number of POST-based forms.
  • Improved relative path handling (overly long and POST URLs).
  • Improved fingerprinting (index).
  • Fixed: typo in the newly introduced CWE Top 25 and OWASP PHP Top 5 hunt method names preventing them from working.

Version 6.8.2 (April 2, 2020)

  • Added the ability to scan the source code of web applications in Ruby (Rails and ERB) for security bugs with coverage for over 19 vulnerability categories, including: Cross-Site Scripting (XSS), SQL Injection, Arbitrary File Manipulation, Code Injection, Command Execution, Unvalidated Redirect and many more.
  • Added two new scan methods: CWE Top 25 and OWASP Top 10, which allow scanning specifically for the 2019 top 25 most dangerous software errors and the 10 most critical web application security risks.
  • Improved parsing of Python code.
  • Updated the application icon.

Version 6.8.1 (March 6, 2020)

  • Added the ability to scan a single source code file from the New Scan dialog.
  • Fixed: some redundant reporting of remote file inclusion vulnerabilities.

Version 6.8 (January 27, 2020)

  • Added dozens of checks for missing protection measures against attacks like clickjacking, content-sniffing XSS and others. This includes checks for missing or weak HTTP security headers, permissive HTTP Strict Transport Security (HSTS) policy, the use of deprecated policies and more.
  • Added 184 new security code checks targeting Swift and Objective-C, the primary iOS development languages.
  • Added additional XSS cases to Android checks.
  • Added new outdated Angular vulnerability checks (Prototype Pollution, DoS and multiple XSS vulnerabilities) in Syhunt Code.
  • Added syntax highlighting of C/C++ files and analysis of C/C++ header files.
  • Added new crawling optimizations for heavily dynamically generated web sites in Syhunt Dynamic.
  • Added the ability to import targets and bookmarks from CSV and list files.
  • Improved auto form filling of dynamically adjusted fields in Syhunt Dynamic.
  • Expanded the brute force against the structure of the Start URL path in Syhunt Dynamic.
  • Fixed: a Start URL redirect handling bug involving relative paths and improved an additional case of JS redirect handling in Syhunt Dynamic.
  • Fixed: CVE reference not appearing for specific check groups in Syhunt Dynamic.
  • Fixed: false positive involving version number and hardcoded resource check in Syhunt Code.
  • Changed the date/time format in the Past Sessions screen and report for better visualization.
  • Fixed: the user interface not highlighting when Git for Windows needs to be installed or when other fatal errors occur.
  • Fixed: Canceled scans sometimes being listed with Scanning as status in the Past Sessions screen.

Version 6.7 (September 17, 2019)

  • Enabled all code checks (though the details of High-rated and specific Medium-rated vulnerabilities are only available in the professional editions of Syhunt).
  • Added SAST support and checks for mobile (iOS and Android) apps. This includes support for the programming languages Objective-C, C, C++ and Swift.
  • Added many new and improved SAST checks for Java.
  • Improved code vulnerability detection accuracy and vulnerable line detection precision.
  • Improved insecure randomness checks (additional checks) in Syhunt Code.
  • Improved multi-language source code parsing.
  • Improved automated web form login (alternative schemes) in Syhunt Dynamic.
  • Improved spidering of heavily dynamically generated web stores.
  • Minor optimizations for WordPress-based websites in Syhunt Dynamic.
  • Additional entry point coverage and input filtering/validation analysis in Syhunt Code.
  • Added the ability to ignore specific vulnerabilities in the Site Preferences and Code Scanner Preferences screens.
  • Improved session status and icons in session manager.
  • Fixed a few bugs and false positives:
    • GIT for Windows 64-bit not being detected by Syhunt Code.
    • Improved hardcoded resource checks (eliminating some common false positives) in Syhunt Code.
    • Improved insecure salting checks (fixed two false positive cases) in Syhunt Code.
    • Fixed: an overly-broad path rejection rule in spider.
    • Make user check preferences overwrite hunt method check preferences in both Syhunt Dynamic and Syhunt Code.
    • Error message involving options table when trying to add target to the Dynamic Target list.

Version 6.6 (June 3, 2019)

  • Added the ability to start a scan against a website after manually logging in (when you start a Dynamic scan from within the Sandcat Browser the tab session data is used as part of the scan).
  • Significantly faster code scans (added additional optimizations for apps using specific frameworks and libraries such as jQuery, Bootstrap, Kendo UI, momentjs, fullPage and more). Improved JavaScript analysis.
  • Added SAST support, optimizations and checks for AngularJS-based web apps.
  • Added SAST support and checks for Angular-based web apps (v2 and higher).
  • Added SAST support and checks for Electron-based apps.
  • Additional SAST checks for Node.js, Express, JavaScript and Java.
  • Added the ability to scan Git repositories via the user interface, and to create and manage a list of favorite target repositories.
  • Added support for Azure Repos using GIT.
  • Improved HTTP/HTTPS protocol and SSL support (fixed: connection reset by peer error when trying to scan some websites) in Syhunt Dynamic.
  • Added option to auto follow off-domain redirect in Start URL (enabled by default in GUI and CLI).
  • Ask about off-domain URL redirect when defining a dynamic target.
  • Added additional Joomla-specific optimizations in Syhunt Dynamic.
  • Added View Vulnerabilities option to Dynamic and Code menu bars.
  • Improved spider (handling of redundant form sections).
  • Improved handling of popups in Sandcat Browser.
  • Improved input dialog for adding Dynamic targets.
  • Canceling the site preferences screen before starting a scan cancels the scan.
  • Reverse list in session manager (recent sessions first).
  • Fixed: inability to properly pin app to the Windows taskbar.
  • Fixed: UI folder tree insertion bug related to hidden files in Syhunt Code.
  • Fixed: footer user notes not being added to report when generating one.
  • Fixed: session status not being updated to Canceled after a scan has been manually stopped via UI.
  • Fixed: SQL Injection toolbar menu option mapping to invalid hunt method in Syhunt Code.
  • Fixed: a false positive involving a SQL Injection protection filter not being recognized in Syhunt Code.
  • Fixed: a false positive involving authentication bypass check in Syhunt Dynamic.
  • Fixed: a false positive involving non-standard autocomplete attribute value in Syhunt Dynamic/Code.
  • Fixed: sidetree sometimes not properly loading item after switching between simultaneous scan tabs.

Version 6.5 (December 26, 2018)

  • Added a revamped vulnerability details dialog with editing capabilities.
  • Added Dynamic Targets screen to launcher, which allows managing a list of common target URLs. You can access it through the purple bookmark icon in the Launcher toolbar or the New Scan dialog.
  • Added Rails framework, WII framework and WordPress related optimizations.
  • Added the ability to import and export a scan session from/to a file.
  • Added additional scan progress info to the results tab.
  • Reviewed hunt methods Malware Content and Structure Brute Force and enabled additional checks. Improved extension checking and structure brute force checks and fixed a false positive case.
  • Improved fingerprinting and added detected languages and OS type to reports.
  • Improved spider (improved web site caching and mapping).
  • Improved compatibility with source control systems (GIT and SVN) in Syhunt Code.
  • Reclassified dynamic XSS risk based on CVSS3 score.
  • This release comes with the latest Syhunt Sandcat browser updates and drops support for Windows Vista:
    • Added the ability to import/export/clear bookmarks.
    • Confirm exit when tasks are running.

Version 6.4 (October 17, 2018)

  • Revamped launcher screen.
  • Added additional password file disclosure checks.
  • Added Joomla-specific optimizations.
  • Added Nginx support in Syhunt Insight.
  • Improved spidering (additional link extraction and improved relative path handling).
  • Combined link list with additional details into new Coverage report section.

Version 6.3 (September 8, 2018)

  • Added full support for CVSS (Common Vulnerability Scoring System). (Full details)
  • Added the ability to compare past scan sessions to determine new, unchanged or removed vulnerabilities, and save the comparison results as HTML (Menu -> Past Sessions -> Compare Checked button).
  • Added File Inclusion and OWASP Top 5 hunt methods to Syhunt Code.

Version 6.2 (June 15, 2018)

  • Added code scan support for Node.js based web applications. (Full details)
  • Added Server-Side JavaScript and MongoDB to Technologies tab in the Site Preferences screen.

Version 6.1 (May 17, 2018)

  • Several improvements in Syhunt Code:
    • Added code scan support for Java EE, JSP and Lua based web applications. (Full details)
    • Improved XSS detection in multiple languages (classic ASP, ASP.NET & PSP).
    • Improved input filtering analysis.
    • Improved speed (scan optimization).
    • Automatic Python WSGI script detection.
  • Improved fingerprinter (additional WAF detection) in Syhunt Dynamic.

Version 6.0 (October 10, 2017)

  • Major overhaul of both its scan engine and user interface, adding advanced fingerprinting capabilities, enhanced spidering, injection, browsing and code scan capabilities, and a large number of new and improved checks. (Full details)