• Diniz Martins

D-TECT | Pentest the Modern Web

D-TECT is a penetration testing tool that can be used for information gathering and finding vulnerabilities in web applications.

The types of vulnerabilities that can be detected by the D-TECT tool include:


WordPress Username Enumerator;

Sensitive File Detector;

Sub-Domain Scanner;

Port Scanner;

WordPress Scanner;

Cross-Site Scripting [ XSS ] Scanner;

WordPress Backup Grabber;

SQL Injection [ SQLI ] Scanner.


Installation:


D-TECT depends on the Colorama and BeautifulSoup modules. Although both modules are included in the downloaded (cloned) repository, they can be installed separately using the following command:


The following command opens the tool’s menu, showing all the scanning functionalities of the tool:

Select the desired scanning function (module) by entering its sequence number.

For instance, we can look for sensitive web application files by typing the sequence number of the sensitive file detector (i.e., #2) in the terminal. The tool asks for the target web host to proceed with the scanning process. Upon receiving the host address, D-TECT pings the target host to confirm its availability. If the target host is down or unavailable, the scanning process stops. However, if the target domain is up, D-TECT gathers some useful information about the target before moving on to the actual task, i.e., finding sensitive files. The information includes the target IP address, URL redirects, backend server information, and header information. If the X-Frame-Options header is missing, the tool generates a warning message indicating a possible clickjacking vulnerability in the target host.
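The header check described above, written out as an added Python example (not D-TECT's own code; the function names and sample responses are constructed for illustration). It goes one step further than the X-Frame-Options test by also reading the CSP frame-ancestors directive, which browsers enforce in preference to X-Frame-Options, so a missing X-Frame-Options header alone is not proof that a page can be framed. It assumes at most one Content-Security-Policy header per response.

```python
# Added example: classify a response's anti-framing (clickjacking) headers.
# SAMPLES are constructed header blocks, not captured from a real host.
SAMPLES = {
    "no_protection": "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n",
    "xfo_deny": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n\r\n",
    "xfo_obsolete": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://partner.example\r\n\r\n",
    "csp_only": "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n",
    "csp_wildcard": "HTTP/1.1 200 OK\r\nContent-Security-Policy: frame-ancestors *\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
}

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response header block."""
    headers = {}
    for line in raw.split("\r\n")[1:]:       # skip the status line
        if not line:
            break                             # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(headers):
    """Return the frame-ancestors source list of the enforced CSP, or None."""
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None

def assess_framing(raw):
    """Classify a response as 'protected', 'weak' or 'missing', with a reason."""
    headers = parse_headers(raw)
    sources = frame_ancestors(headers)
    if sources is not None:                   # CSP overrides X-Frame-Options
        if any(s == "*" or s.rstrip(":") in ("http", "https") for s in sources):
            return "weak", "frame-ancestors allows any origin"
        return "protected", "frame-ancestors " + " ".join(sources)
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    if not xfo:
        return "missing", "no X-Frame-Options and no frame-ancestors"
    if all(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return "protected", "X-Frame-Options " + ", ".join(xfo)
    return "weak", "unrecognized or obsolete X-Frame-Options value"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess_framing(raw))
```

A "weak" result covers the cases a presence-only check passes silently: the obsolete ALLOW-FROM value, which current browsers ignore, and a permissive frame-ancestors list that overrides an otherwise correct X-Frame-Options header.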




The D-TECT tool can be used during the reconnaissance and scanning phases of penetration testing. The tool can detect critical vulnerabilities in target web applications, including cross-site scripting and database injections.
