D-TECT is a penetration testing tool that can be used for information gathering and finding vulnerabilities in web applications.

The types of vulnerabilities that can be detected of D-TECT tool include:

➟ WordPress Username Enumerator;

➟ Sensitive File Detector;

➟ Sub-Domain Scanner;

➟ Port Scanner;

➟ Wordpress Scanner;

➟ Cross-Site Scripting [ XSS ] Scanner;

➟ Wordpress Backup Grabber;

➟ SQL Injection [ SQLI ] Scanner.

Installation:

D-TECT depends on Colorama and BeautifulSoup modules. Although both modules are included in the downloaded (cloned) They can be installed separately using the following command:

The following command opens the tool’s menu, showing all the scanning functionalities of the tool:

Select the desired scanning function (module) by selecting its sequence number.

For instance, we can look for sensitive web application files by typing the sequence number of sensitive file detector (i-e #2) in the terminal. The tool asks for the target web host to proceed with the scanning process. Upon providing the host address, D-TECT pings the target host to confirm its availability. If the target host is down or unavailable, the scanning process stops. However, if the target domain is up, D-TECT gathers some useful information about the target before moving on to the actual task, i-e finding sensitive files. The information includes target IP address, URL redirects, backend server information, and header information. If the X-Frame-Options header is missing, the tool generates a warning message, indicating the possibility of Click jacking vulnerability in the target host.

D-TECT tool can be used during reconnaissance and scanning phases of penetration testing. The tool can detect critical vulnerabilities in target web applications including cross-site scripting and database injections.