What you get
Three panels, three angles on the same product.
Active scanner
42 active checks with OOB blind detection across 6 protocols. Same scan profiles in Community and Pro. No rate limits.
Intruder
19 payload generators, 15 processing rules, 4 attack modes including Turbo Intruder with raw TCP batching. Free tier runs at full speed.
Race-condition engine (Pro)
Single-packet attacks, last-byte sync, barrier coordination. Ships in the binary — no extension required.
Zero telemetry
No analytics, no crash reports, no usage tracking. Hugin never contacts a server unless you tell it to.
Local data
Flows, findings, scope, credentials — everything lives in local SQLite. The Community tier runs fully offline.
Anonymous accounts
Community needs no sign-up at all. Pro accounts are random IDs — no email, no password, no recovery.
134 MCP tools
Your AI agent drives the proxy natively. Scan, fuzz, decode, crawl — no GUI scraping, no brittle glue.
Any MCP client
Claude Code, Cursor, Windsurf, or your own agent. One JSON line of config.
Offensive automation
HTTP smuggling, deserialization, SSRF chains, cache poisoning, OAuth abuse — all agent-driven on the Pro tier.
Start testing in minutes
Download Hugin, point your browser at the proxy, and you're intercepting traffic. Community is the complete tool — every core feature, no trial clock, no paywall. Burp Suite Professional starts at $499/year.