Berean Labs – Free AI-powered penetration testing for web apps

by abliterationai · Feb 20, 2026 · 1 point · 0 comments

AI Analysis

●● Solid · Dark Horse · Ship It

Free DAST with semantic LLM analysis beats expensive tools, but the DAST/SAST market is crowded.

Strengths
  • Semantic understanding (LLM realizes exposed comments + DOM sinks = real vulns) beats dumb pattern matching
  • Completely free with no limits is genuine competitive advantage over Burp, Acunetix, or Snyk pricing
  • Domain verification + SSRF protections show real thought toward abuse-resistant design
Weaknesses
  • The penetration testing tool market is crowded: Burp Suite, ZAP, Acunetix and Snyk Security are all established players
  • Frontend-only scope limits value; real app security requires backend analysis and API testing too
Category
Target Audience

Web developers, security teams, indie builders, SMB tech leads

Similar To

OWASP ZAP · Burp Suite Community · Snyk Security

Post Description

Hey HN,

I'm sharing Berean Labs (https://bereanlabs.com), a free, autonomous AI penetration testing tool designed to catch client-side vulnerabilities, exposed secrets, and misconfigurations in your web apps before attackers do.

The Problem

Traditional DAST/SAST tools are often expensive, hard to configure, or generate massive amounts of false positives. They also sometimes lack the semantic understanding to realize that an exposed <!-- AWS_KEY=... --> comment or a specific combination of DOM sinks is actually a critical vulnerability. I wanted to build a tool that acts more like a junior red-teamer looking at your frontend code.

How it works under the hood

1. Domain Verification: To prevent abuse and random scanning, you first verify domain ownership via a DNS TXT record.
2. Safe Fetching: The Node.js backend fetches your target's HTML. I implemented strict SSRF protections here—it resolves DNS and explicitly blocks private/local IPs and localhost routing before fetching.
3. Attack Surface Extraction: Using Cheerio, the backend parses the DOM to extract a highly condensed "attack surface summary" to fit into the LLM context window. This includes forms, input fields, external script sources, suspicious inline scripts (e.g., eval, innerHTML), inline event handlers, and HTML comments.
4. AI Analysis: This sanitized context is fed into a specialized model (powered by Abliteration.ai) via a strict red-team system prompt.
5. Structured Reporting: The model enforces a JSON schema to return vulnerabilities ranked by severity, complete with CVSS scores, affected code snippets, and remediation steps.

It's completely free to use. I built this primarily to see how well current LLMs can perform context-aware security auditing on raw client-side output when given the right constraints.

I'd love for you to try it on your own domains and let me know what you think. Does it catch things your standard linters/scanners miss? Are there false positives that annoy you?

Check it out at: https://bereanlabs.com

Feedback, questions, and roasts of the architecture are highly welcome!

Similar Projects

Developer Tools · ●● Solid

Node.js LLM internationalization compiler: Scan code and Auto-Translate

It hooks into your build process, finds t(...) calls, and only generates missing translations via an LLM while preserving hand-edited entries — useful ergonomics many i18n tools skip. Comes with Vite/Webpack plugins, watch/batching modes and unused-key cleanup; the hard parts left to you are translation quality, API cost, and secrets management.

Solve My Problem · Niche Gem
mfcmatheus
204mo ago
Security · ●●● Banger

Deadend CLI – Open-source self-hosted agentic pentesting tool

Autonomous pentesting agent scoring 78% XBOW with fully local, sandboxed execution and real exploits.

Wizardry · Big Brain · Niche Gem
gemini-15
103mo ago