Syhunt Huntpad is a notepad application with features that are particularly useful to penetration testers and bug hunters – a collection of common injection string generators, hash generators, encoders and decoders, HTML and text manipulation functions, and so on, coupled with syntax highlighting for several programming languages.

 Features:
  • Syntax Highlighting – supporting HTML, JavaScript, CSS, XML, PHP, Ruby, SQL, Pascal, Perl, Python and VBScript.
  • SQL Injection functions
    • Filter Evasion – Database-Specific String Escape (CHAR & CHR). Conversion of strings to quoted strings, conversion of spaces to comment tags or new lines
    • Filter Evasion (MySQL-Specific) – String Concatenation, Percent Obfuscation & Integer Representation (eg: ’26’ becomes ‘ceil(pi()*pi())*(!!!pi()+true)+ceil(@@version)’, a technique presented by Johannes Dahse).
    • UNION Statement Maker
    • Quick insertion of common injections covering DB2, Informix, Ingres, MySQL, MSSQL, Oracle & PostgreSQL
  • File Inclusion functions
    • Quick Shell Upload code generator
    • PHP String Escape (chr)
  • Cross-Site Scripting (XSS) functions
    • Filter Evasion – JavaScript String Escape (String.fromCharCode), CSS Escape
    • Various handy alert statements for testing for XSS vulnerabilities.
  • Hash functions
    • Hash Generators – MD5, SHA-1, SHA-2 (224, 256, 384 & 512), GOST, HAVAL (various), MD2, MD4, RIPEMD (128, 160, 256 & 320), Salsa10, Salsa20, Snefru (128 & 256), Tiger (various) & WHIRLPOOL
  • Encoders/Decoders
    • URL Encoder/Decoder
    • Hex Encoder/Decoder – Converts a string or integer to hexadecimal or vice-versa (multiple output formats supported).
    • Base64 Encoder/Decoder
    • CharCode Converter – Converts a string to charcodes (eg: ‘abc’ becomes ‘97,98,99’) or vice-versa.
    • IP Obfuscator – Converts an IP to dword, hex or octal.
    • JavaScript Encoders – Such as JJEncode by Yosuke HASEGAWA
  • HTML functions
    • HTML Escape/Unescape
    • HTML Entity Encoder/Decoder – Decimal and hexadecimal HTML entity encoders & decoders
    • JavaScript and CSS beautifiers
    • JavaScript String Escape
  • Text Manipulation functions – Uppercase, Lowercase, Swap Case, Title Case, Reverse, Shuffle, Strip Slashes, Strip Spaces, Add Slashes, Char Separator
  • Time-Based Blind Injection code – Covering MySQL, MSSQL, Oracle, PostgreSQL, Server-Side JavaScript & MongoDB
  • CRC Calculators – CRC16, CRC32, CRC32b, and more.
  • Classical Ciphers – ROT13 & ROT[N]
  • Checksum Calculators – Adler-32 & Fletcher
  • Buffer Overflow String Creator
  • Random String & Number Generation functions
  • URL Splitter
  • Useful Strings – Math, character sets and more.