D-TECT | Pentest the Modern Web

D-TECT is a penetration testing tool that can be used for information gathering and finding vulnerabilities in web applications.

The types of vulnerabilities that can be detected of D-TECT tool include:

WordPress Username Enumerator;

Sensitive File Detector;

Sub-Domain Scanner;

Port Scanner;

Wordpress Scanner;

Cross-Site Scripting [ XSS ] Scanner;

Wordpress Backup Grabber;

SQL Injection [ SQLI ] Scanner.


D-TECT depends on Colorama and BeautifulSoup modules. Although both modules are included in the downloaded (cloned) They can be installed separately using the following command:

The following command opens the tool’s menu, showing all the scanning functionalities of the tool:

Select the desired scanning function (module) by selecting its sequence number.

For instance, we can look for sensitive web application files by typing the sequence number of sensitive file detector (i-e #2) in the terminal. The tool asks for the target web host to proceed with the scanning process. Upon providing the host address, D-TECT pings the target host to confirm its availability. If the target host is down or unavailable, the scanning process stops. However, if the target domain is up, D-TECT gathers some useful information about the target before moving on to the actual task, i-e finding sensitive files. The information includes target IP address, URL redirects, backend server information, and header information. If the X-Frame-Options header is missing, the tool generates a warning message, indicating the possibility of Click jacking vulnerability in the target host.

D-TECT tool can be used during reconnaissance and scanning phases of penetration testing. The tool can detect critical vulnerabilities in target web applications including cross-site scripting and database injections.

19 views0 comments

Recent Posts

See All

A proof of concept (PoC) was developed for a critical vulnerability in F5's BIG-IP networking software that could expose thousands of users to remote control. The vulnerability, tracked as CVE-2022-13

Windows Subsystem For Linux (WSL) is a tool provided by Microsoft to run Linux natively on Windows. It’s designed to be a seamless experience, essentially providing a full Linux shell that can interac

Steganography is the practice of concealing a file, message, image, or video within another file, message, image or video. This utility can conceal messages in ASCII text by appending whitespace to th