Releases: HuginCyber/Hugin
Release list
Hugin v0.1.1 — Platform fixes and scanner FP cleanup
Hugin v0.1.1 — Platform fixes and scanner FP cleanup
v0.1.1 is a platform and polish release. YesWeHack and Synaps feature work,
proxy latency fixes, and 50+ scanner false-positive and bug fixes from live
engagements. The engine features (session re-auth, checkpointing, CSRF
freshness, payload relocation, consolidation) land in v0.1.2.
Scanner bug fixes from live engagements
Three targets since v0.1.0 surfaced real false-positive classes. 25 passive
scanner fixes, 15 active fixes, 11 BAC fixes (PII redaction, WAF
false-positive gates, coverage gaps), 8 passive FP patches from the
white.market engagement, 4 FP patches (Next.js RSC, minified postMessage,
framework dSIH, JS-bundle CC), 6 patches (prototype-pollution extends
Array, nerve enum FPs, BAC no-op, body_offset, screenshot timeout). Fewer
junk findings to triage.
Proxy
pool_idle_timeout 10s + connect_timeout 10s — kills the 60-120s
keep-alive latency inflation. Three startup deadlock fixes. Null-status on
body collection failure. LazyLock poison fallback (never-match replaces
unreachable!()). Per-flow preflight parallelized (baselines + calibration
run concurrently). REST scanner_start handler parallelized (was the last
sequential bottleneck).
Platform features
- YesWeHack: modal login with credential persistence
- Synaps: import
.yamltemplates and.wasmmodules from the UI - Browser:
no_proxyparameter now works withbrowseandnavigateactions (was onlylaunch) - Bug-bounty skills published to docs and as MCP resources (
hugin://skill) - Crawler: 15s navigation timeout cap (was 60s), aborts after 5 consecutive WAF/challenge responses
Full changelog: v0.1.0...v0.1.1
Hugin v0.1.0 — First Public Release
Hugin v0.1.0
The first public release of Hugin — an AI-native intercept proxy for web security testing.
Downloads
- macOS Apple Silicon — hugin-cli-darwin-aarch64.tar.gz
- Linux x86_64 — hugin-cli-linux-x86_64.tar.gz
Install
curl -fsSL https://hugin.nu/install | sh
What's included
- 55 active checks, 48 passive checks — OWASP Top 10 + API Top 10
- 169 MCP tools — drive proxy/scanner/intruder from any MCP client
- Race condition engine — single-packet, last-byte sync, barrier
- Synaps WASM — community scanner modules in Wasmtime sandbox
- Lua extensions — hook live traffic with sandboxed scripts
- Collaboration — E2E-encrypted project sharing
- AI agent — autonomous exploration over 169 MCP tools
Pricing
- Community — free forever, no account
- Pro — €7/month (launch offer, regular €10), 7-day trial, no card
Verify
hugin verify hugin-cli-linux-x86_64.tar.gz
Every release binary is Ed25519-signed.