Геркулес | DAST

Hercules DAST (Dynamic Application Security Testing) — a professional tool for web application security analysis directly in your browser. 🔍 Features: • robots.txt — sensitive paths analysis (/admin, /api, /.env, /backup) • sitemap.xml — hidden and sensitive URL discovery • Scripts — HTTP/HTTPS check, external scripts, outdated libraries • DOM XSS — vulnerability detection (innerHTML, eval, document.write) • Forms — CSRF tokens, passwords in GET, autocomplete • Security Headers — CSP, X-Frame-Options, X-Content-Type-Options • Cookies — sensitive cookie analysis • CORS — wildcard origin check • Ports — open port scanning (80,443,8080,8443,3000,5000,8000) • API endpoints — Swagger, OpenAPI, GraphQL discovery • SQL injection — active form testing • XSS test — active form testing • Directories — brute force common paths (admin, .env, backup, .git) • S3 buckets — open AWS S3 bucket discovery • Subdomains — crt.sh and common subdomain enumeration 📊 Results are displayed with severity statistics (Critical, High, Medium, Low) and can be exported to JSON or HTML. 🛡️ All data is processed locally — nothing is sent to external servers. Developed for pentesters, developers, and security professionals.