Syhunt Community is a web and now mobile application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detailed vulnerability information - Syhunt is also composed by a deep crawler able to fully map a website structure and an automated injector able to adapt, mutate, analyze and test the web application response to thousands of different web attacks.
CHANGELOG VERSION 6.7 (SEPTEMBER 17, 2019)
* Added SAST support and checks for mobile (iOS and Android) apps. This includes support for the programming languages Objective-C, C, C++ and Swift.
* Added many new and improved SAST checks for Java.
* Improved code vulnerability detection accuracy and vulnerable line detection precision.
* Improved insecure randomness checks (additional checks) in Syhunt Code.
* Improved multi-language source code parsing.
* Improved automated web form login (alternative schemes) in Syhunt Dynamic.
* Improved spidering of heavily dynamically generated web stores.
* Minor optimizations for Wordpress-based websites in Syhunt Dynamic.
* Additional entry point coverage and input filtering/validation analysis in Syhunt Code.
* Allow to ignore specific vulnerabilities in Site Preferences and Code Scanner Preferences screen.
* Improved session status and icons in session manager.
* Fixed a few bugs and false positives:
- GIT for Windows 64-bit not being detected by Syhunt Code.
- Improved hardcoded resource checks (eliminating some common false positives) in Syhunt Code.
- Improved insecure salting checks (fixed two false positive cases) in Syhunt Code.
- Fixed: an overly-broad path rejection rule in spider.
- Make user check preferences overwrite hunt method check preferences in both Syhunt Dynamic and Syhunt Code.
- Error message involving options table when trying to add target to the Dynamic Target list.