Syhunt Dynamic comes with a wide array of features to detect and help you fix your web application security vulnerabilities with minimal effort. Simply enter a start URL and get detailed vulnerability information right away.
Syhunt Dynamic is composed by a deep crawler able to fully map a website structure and an automated injector able to adapt, mutate, analyze and test the web application response to thousands of different web attacks often carried by real-world adversaries, including inferential, in-band and out-of-band attacks through Augmented Dynamic Analysis (OAST). Available for on-premises deployment for businesses using Windows, macOS and Linux.
|Vulnerabilities Detected||Injection Checks||Vulnerability Categories Covered (View All)|
Deep CrawlerSyhunt Dynamic maps the entire web site structure (all links, forms, XHR requests and other entry points) and locates custom, unique vulnerabilities by simulating a wide range of attacks/sending thousands of requests. The scanner behaves as Chrome, Firefox and IE, and even simulates user interaction (key press, mouse click, etc).
Advanced InjectorTests for SQL Injection, XSS, File Inclusion and many other web application vulnerability classes. While performing a scan, Syhunt injects data in the web apps and subsequently analyzes the application response in order to determine if the application code is vulnerable.
Code Analysis Extensions
Scan any kind of web environment
Syhunt Dynamic offers the degree of flexibility and versatility required to support any web environment, anywhere. It has been designed to intelligently handle complex, large web sites and automatically adapt to different web environments and technologies.
While spidering a web site and hunting vulnerabilities, Syhunt Dynamic emulates a modern, HTML 5-aware web browser, making sure every web application gets fully tested. Syhunt's browser emulation feature set includes:
- Intelligent HTML parsing (handles malformed HTML like a web browser)
- User interaction simulation (key press, mouse click, etc)
- HTML 5-aware
- CSS 3-aware
- XHR request support
- Auto form filling & form login
- Process isolation/Multi-process scanning (each website scan you start is a different process on your operating system)
- Cookies support
- HTTPS support (SSL 2/SSL 3/TLS 1)
- Certificates support
- Basic & NTLM authentication support
- HTTP 1.0 and 1.1 support
- Keep-Alive support
- HTTP redirection support
Check for the Top vulnerabilities
Syhunt Dynamic allows you to scan for the top vulnerabilities attackers use against web applications.
OWASP Top 10The OWASP Top Ten is a list of vulnerabilities that require immediate remediation. Existing code should be checked for these vulnerabilities immediately, as these flaws are being actively targeted by attackers. The OWASP Foundation encourage companies to adopt the OWASP Top Ten as a minimum standard for securing web applications.
SANS Top 20The SANS Top 20 includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. The SANS Institute updates the list and the instructions as more critical threats and more current or convenient methods of protection are identified. It is a community consensus document.
CVE & CWEThe Syhunt scanners fully supports CVE (Common Vulnerabilities and Exposures) & CWE (Common Weakness Enumeration), being able to scan for the top CWE entries related to web applications. Syhunt is also on the Mitre Corporation's CVE-compatible list of products and services. The Mitre Corporation is the author of the standard itself.
Compliance AuditingSyhunt can help your organization address the most pressing compliance issues such as:
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley (GLBA)
- Payment Card Industry (PCI) Data Security Standard
- ISO/IEC 27001
Main Supported Languages
|Java / JSP|
...one of the most effective and valuable tools on the market today.
Matt McDermott, Security Engineer II, Solutionary, USA
In the News
Tools like Syhunt make an application's vulnerability much simpler to detect, no longer requiring a “hacker” level skill set.
We liked the GUI and the simplicity of Syhunt‘s user model. We had a very positive experience working with the product‘s development team
Web Hacking Exposed
Syhunt Dynamic runs under any modern 64-bit Linux, macOS or Windows version from Windows 7 through 11 (Specs)