Hercules | DAST wót Hercules
Powerful web application security scanner. Analyze XSS, SQLi, ports, API, S3, subdomains and more.
3 wužywarje3 wužywarje
Metadaty rozšyrjenja
Fota wobrazowki
Wó toś tom rozšyrjenju
Hercules DAST (Dynamic Application Security Testing) — a professional tool for web application security analysis directly in your browser.
🔍 Features:
• robots.txt — sensitive paths analysis (/admin, /api, /.env, /backup)
• sitemap.xml — hidden and sensitive URL discovery
• Scripts — HTTP/HTTPS check, external scripts, outdated libraries
• DOM XSS — vulnerability detection (innerHTML, eval, document.write)
• Forms — CSRF tokens, passwords in GET, autocomplete
• Security Headers — CSP, X-Frame-Options, X-Content-Type-Options
• Cookies — sensitive cookie analysis
• CORS — wildcard origin check
• Ports — open port scanning (80,443,8080,8443,3000,5000,8000)
• API endpoints — Swagger, OpenAPI, GraphQL discovery
• SQL injection — active form testing
• XSS test — active form testing
• Directories — brute force common paths (admin, .env, backup, .git)
• S3 buckets — open AWS S3 bucket discovery
• Subdomains — crt.sh and common subdomain enumeration
📊 Results are displayed with severity statistics (Critical, High, Medium, Low) and can be exported to JSON or HTML.
🛡️ All data is processed locally — nothing is sent to external servers.
Developed for pentesters, developers, and security professionals.
🔍 Features:
• robots.txt — sensitive paths analysis (/admin, /api, /.env, /backup)
• sitemap.xml — hidden and sensitive URL discovery
• Scripts — HTTP/HTTPS check, external scripts, outdated libraries
• DOM XSS — vulnerability detection (innerHTML, eval, document.write)
• Forms — CSRF tokens, passwords in GET, autocomplete
• Security Headers — CSP, X-Frame-Options, X-Content-Type-Options
• Cookies — sensitive cookie analysis
• CORS — wildcard origin check
• Ports — open port scanning (80,443,8080,8443,3000,5000,8000)
• API endpoints — Swagger, OpenAPI, GraphQL discovery
• SQL injection — active form testing
• XSS test — active form testing
• Directories — brute force common paths (admin, .env, backup, .git)
• S3 buckets — open AWS S3 bucket discovery
• Subdomains — crt.sh and common subdomain enumeration
📊 Results are displayed with severity statistics (Critical, High, Medium, Low) and can be exported to JSON or HTML.
🛡️ All data is processed locally — nothing is sent to external servers.
Developed for pentesters, developers, and security professionals.
Z 0 wót 0 pógódnośujucych pógódnośony
Pšawa a daty
Trjebne pšawa:
- Pśistup k rejtarikam wobglědowaka měś
- Pśistup k wašym datam za wšykne websedła měś
Gromaźenje datow:
- Wuwijaŕ groni, až toś to rozšyrjenje gromaźenje datow njetrjeba.
Dalšne informacije
- Dodankowe wótzkaze
- Wersija
- 1.0.0
- Wjelikosć
- 63,47 KB
- Slědny raz zaktualizěrowany
- თვის წინ (27 მარ 2026)
- Pśiswójźbne kategorije
- Wersijowa historija
- Zběrce pśidaś