Application Security Testing Toolkit
Essential Tools for Ethical Hackers and Enterprises
Helium Core Community is the free version of our professional application security testing platform developed by Cyber Army Indonesia. Built for ethical hackers an enterprises who need comprehensive application security auditing capabilities.
- Proxy Controller - Intercepts and analyzes HTTP/HTTPS traffic in real-time
- HTTP History - Records and manages all intercepted requests/responses
- Sitemap Generation - Automatically maps application structure and endpoints
- WebSocket History - Tracks and analyzes WebSocket communications
- Advanced Fuzzer - Automated payload testing with multiple attack modes:
- Single-shot - Targeted single payload attacks
- Mirror-strike - Reflection-based testing
- Parallel-blades - Concurrent multi-vector attacks
- Payload-storm - High-intensity fuzzing campaigns
- Repeater - Manual request modification and replay functionality
- Target Scope Management - Define in-scope/out-of-scope targets with precision
- Wordlist Management - Custom payload dictionaries and attack patterns
- Subdomain Discovery - Automatically discovers subdomains for browsed domains
- Port & Service Detection - Identifies open ports and running services on discovered hosts
- WebTech Detection - Technology stack identification and fingerprinting
- Attack Surface Analytics - Comprehensive metrics and insights:
- Port Analytics - Statistical analysis of discovered ports
- Subdomain Analytics - Subdomain discovery metrics
- Technology Analytics - Web technology distribution analysis
- Passive Vulnerability Scanner - Non-intrusive security analysis with 40+ scan rules:
- Security Headers - CSP, HSTS, X-Frame-Options, X-Content-Type-Options analysis
- Cookie Security - Secure flags, HttpOnly, SameSite attribute validation
- Information Disclosure - Debug errors, version headers, sensitive comment detection
- Authentication Issues - Insecure authentication mechanism identification
- Input Validation - XSS, CSRF, user-controlled parameter analysis
- Web Spider - Intelligent crawling and endpoint discovery:
- Configurable Depth - Customizable crawling limits and scope management
- Form Discovery - Automatic form detection and processing
- Metadata Extraction - Git, SVN, .DS_Store file discovery
- Authentication Support - Crawling of protected application areas
- OWASP-Aligned Security Checks - Industry-standard vulnerability detection
- Risk Assessment - Detailed confidence levels and impact analysis
- Intelligent Threading - Dynamic worker allocation based on system specifications
- Decoder/Encoder - Comprehensive encoding/decoding toolkit:
- URL Encoding/Decoding - Handle URL-encoded data
- Base64 Operations - Encode/decode Base64 data
- HTML Entity Handling - HTML encoding/decoding
- Hex Operations - Hexadecimal encoding/decoding
- GZIP Compression - Compress/decompress data
- Hash Functions - Generate various hash types
- Smart Decode - Automatic detection and decoding
- HTTPQL Query Language - Advanced filtering syntax for HTTP data analysis
- Workspace System - Project-based organization with dedicated database per workspace
- Request/Response Storage - Persistent storage of raw and parsed HTTP data
- Comprehensive Logging - Detailed activity tracking and audit trails
- Filter Templates - Advanced query capabilities with HTTPQL syntax
- Export Capabilities - Workspace data export functionality
- Template System - Reusable filter and query templates
| Platform | Download |
|---|---|
| Windows (x64) | Download |
| Linux (x64) | Download |
| Linux (arm64) | Download |
- Operating System: Windows 10/11 (x64) / Linux (x64) / Linux (arm64)
- Processor: Multi-core CPU recommended (2+ cores minimum)
- Memory:
- Minimum: 4GB RAM (basic functionality - single scan operations, limited fuzzing)
- Recommended: 8GB RAM (optimal performance - full feature utilization, intensive fuzzing)
- Large-scale testing: 16GB+ RAM (extensive fuzzing campaigns, large workspace data)
- Storage: 2GB free space (additional space required for workspaces and logs)
- Network: Internet connection required for initial setup and updates
Found a bug or have a feature request? Please create an issue in this repository.
This software is proprietary and closed source. All rights reserved by Cyber Army Indonesia.