Hercules | DAST by Hercules
Powerful web application security scanner. Analyze XSS, SQLi, ports, API, S3, subdomains and more.
About this extension
Hercules DAST (Dynamic Application Security Testing) - a professional tool for web application security analysis directly in your browser.
Features:
• robots.txt - sensitive paths analysis (/admin, /api, /.env, /backup)
• sitemap.xml - hidden and sensitive URL discovery
• Scripts - HTTP/HTTPS check, external scripts, outdated libraries
• DOM XSS - vulnerability detection (innerHTML, eval, document.write)
• Forms - CSRF tokens, passwords in GET, autocomplete
• Security Headers - CSP, X-Frame-Options, X-Content-Type-Options
• Cookies - sensitive cookie analysis
• CORS - wildcard origin check
• Ports - open port scanning (80,443,8080,8443,3000,5000,8000)
• API endpoints - Swagger, OpenAPI, GraphQL discovery
• SQL injection - active form testing
• XSS test - active form testing
• Directories - brute force common paths (admin, .env, backup, .git)
• S3 buckets - open AWS S3 bucket discovery
• Subdomains - crt.sh and common subdomain enumeration
Results are displayed with severity statistics (Critical, High, Medium, Low) and can be exported to JSON or HTML.
All data is processed locally - nothing is sent to external servers.
Developed for pentesters, developers, and security professionals.
Rated 0 by 1 person
Permissions and data
Required permissions:
- Access browser tabs
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Version: 1.0.0
- Size: 63.47 KB
- Last updated: 9 days ago (27 March 2026)
- License: Mozilla Public License 2.0