Skip to content

Releases: HuginCyber/Hugin

Hugin v0.1.1 — Platform fixes and scanner FP cleanup

Choose a tag to compare

@Andrei-Dodu Andrei-Dodu released this 13 Jul 05:59

Hugin v0.1.1 — Platform fixes and scanner FP cleanup

v0.1.1 is a platform and polish release. YesWeHack and Synaps feature work,
proxy latency fixes, and 50+ scanner false-positive and bug fixes from live
engagements. The engine features (session re-auth, checkpointing, CSRF
freshness, payload relocation, consolidation) land in v0.1.2.

Scanner bug fixes from live engagements

Three targets since v0.1.0 surfaced real false-positive classes. 25 passive
scanner fixes, 15 active fixes, 11 BAC fixes (PII redaction, WAF
false-positive gates, coverage gaps), 8 passive FP patches from the
white.market engagement, 4 FP patches (Next.js RSC, minified postMessage,
framework dSIH, JS-bundle CC), 6 patches (prototype-pollution extends
Array, nerve enum FPs, BAC no-op, body_offset, screenshot timeout). Fewer
junk findings to triage.

Proxy

pool_idle_timeout 10s + connect_timeout 10s — kills the 60-120s
keep-alive latency inflation. Three startup deadlock fixes. Null-status on
body collection failure. LazyLock poison fallback (never-match replaces
unreachable!()). Per-flow preflight parallelized (baselines + calibration
run concurrently). REST scanner_start handler parallelized (was the last
sequential bottleneck).

Platform features

  • YesWeHack: modal login with credential persistence
  • Synaps: import .yaml templates and .wasm modules from the UI
  • Browser: no_proxy parameter now works with browse and navigate actions (was only launch)
  • Bug-bounty skills published to docs and as MCP resources (hugin://skill)
  • Crawler: 15s navigation timeout cap (was 60s), aborts after 5 consecutive WAF/challenge responses

Full changelog: v0.1.0...v0.1.1

Hugin v0.1.0 — First Public Release

Choose a tag to compare

@Andrei-Dodu Andrei-Dodu released this 09 Jul 15:45

Hugin v0.1.0

The first public release of Hugin — an AI-native intercept proxy for web security testing.

Downloads

  • macOS Apple Silicon — hugin-cli-darwin-aarch64.tar.gz
  • Linux x86_64 — hugin-cli-linux-x86_64.tar.gz

Install

curl -fsSL https://hugin.nu/install | sh

What's included

  • 55 active checks, 48 passive checks — OWASP Top 10 + API Top 10
  • 169 MCP tools — drive proxy/scanner/intruder from any MCP client
  • Race condition engine — single-packet, last-byte sync, barrier
  • Synaps WASM — community scanner modules in Wasmtime sandbox
  • Lua extensions — hook live traffic with sandboxed scripts
  • Collaboration — E2E-encrypted project sharing
  • AI agent — autonomous exploration over 169 MCP tools

Pricing

  • Community — free forever, no account
  • Pro — €7/month (launch offer, regular €10), 7-day trial, no card

Verify

hugin verify hugin-cli-linux-x86_64.tar.gz

Every release binary is Ed25519-signed.