Syhunt ScanTools 6.0 adds advanced fingerprinting capabilities, enhanced spidering, injection and code scan capabilities, and a large number of improved checks.
- Adds the display of Hybrid, Dynamic and Code detailed scan statistics to the command-line tools.
- New fingerprinting capabilities - Because of the large number of vulnerability checks and mutations added in this version, we developed an advanced, automated fingerprinter, tightly integrated with the crawler, that maps all of the web site's technologies and optimizes the scan. Syhunt Dynamic 6 checks are now executed based on the detected web technologies and platform, saving considerable time.
- Four-step vulnerability rating (High, Medium, Low, Info) - we added the Info risk classification and removed the Minimal risk classification. Vulnerabilities previously marked as Minimal risk were assigned a Low or Info risk depending on each case.
- Malware Content (New Hunt Method) - Added to both Syhunt Dynamic and Syhunt Code, this method scans specifically for malware content, web backdoors, hidden debug parameters and signs of hacking.
- Passive Scan (New Hunt Method) - Added to Syhunt Dynamic, this method scans specifically for Common Exposures, Source Disclosures, Web Technology Disclosures, Suspicious HTML Comments and Malicious Content within a website's surface.
- Enhanced Dynamic Scanner: Several important enhancements were made to the spider, which is a core part of Syhunt Dynamic:
  - Faster and improved HTTP response analysis - improved parsing of web forms, JavaScript code and comments, and added support for additional HTML5 features.
  - Added detection of known redundant app patterns.
  - Added the use of Referer in HTTP requests (enabled by default).
  - Improved file format and relative path handling.
  - Improved cookie and token handling.
  - Improved auto form filling, auto login and logout detection (many additional cases covered).
  - Improved page redirect handling.
- Enhanced Code Scanner:
  - Significantly faster scans (revised code for scan optimization).
  - Improved entry point mapping - Added detection of new entry points in PHP code, allowing additional vulnerability cases to be detected.
  - Added automatic file format detection.
  - Improved reporting of vulnerable lines.
- New Dynamic Checks - Added detection of many additional vulnerability classes through dynamic application security testing:
  - Debug Parameter Discovery and Injection
  - Web Technology Disclosures - Reports if the version of a detected web technology is being disclosed.
- Improved Dynamic Checks - Improved the detection of several vulnerability classes:
  - SQL Injection - Added additional checks for error-based SQL Injection, and improved checks for MySQL.
  - Directory Traversal checks - Added many new variants and filter evasion techniques.
  - Cross-Site Scripting (XSS) - Added a subcategory for Client-Side Denial-of-Service.
  - Web Backdoors - Added 211 new known backdoor checks.
  - Source Code Disclosure - Added new variants covering server-side Lua, PHP and ASP code, and improved accuracy.
  - HTML Comment checks - Introduced a more advanced parser, added support for JS comments, added several new checks and eliminated false positive cases.
  - Multiple Disclosure checks - Revised checks for multiple disclosure flaws (divided into Path Disclosure, Password Disclosure and Information Disclosure). Fixed a case that could result in duplicated Path Disclosure reporting.
  - Suspicious HTML Comments and Directory Listing checks - Introduced a new, extended check database and eliminated some possibilities of redundant reporting.
- New Code Checks - Added detection of many vulnerabilities not previously covered through static application security testing:
  - SQL Injection involving object-oriented PHP code
  - Common Form Weaknesses
- Other improvements and bug fixes:
  - Added detection of new hacking tools through web server log analysis (Syhunt Insight).
  - Scan status is now reported as Undetermined if the scan is aborted before starting due to a serious connectivity issue (like host not found).
  - Fixed: short hunt method options (like "as" for "appscan") not working with the newly introduced CLI app ScanURL.exe. It now also prints additional vulnerability details.
  - Fixed: location URL in reports including manipulated POST params.