top of page

D-TECT | Pentest the Modern Web

D-TECT is a penetration testing tool that can be used for information gathering and finding vulnerabilities in web applications.

The types of vulnerabilities that can be detected of D-TECT tool include:


WordPress Username Enumerator;

Sensitive File Detector;

Sub-Domain Scanner;

Port Scanner;

Wordpress Scanner;

Cross-Site Scripting [ XSS ] Scanner;

Wordpress Backup Grabber;

SQL Injection [ SQLI ] Scanner.


Installation:


D-TECT depends on Colorama and BeautifulSoup modules. Although both modules are included in the downloaded (cloned) They can be installed separately using the following command:


The following command opens the tool’s menu, showing all the scanning functionalities of the tool:

Select the desired scanning function (module) by selecting its sequence number.

For instance, we can look for sensitive web application files by typing the sequence number of sensitive file detector (i-e #2) in the terminal. The tool asks for the target web host to proceed with the scanning process. Upon providing the host address, D-TECT pings the target host to confirm its availability. If the target host is down or unavailable, the scanning process stops. However, if the target domain is up, D-TECT gathers some useful information about the target before moving on to the actual task, i-e finding sensitive files. The information includes target IP address, URL redirects, backend server information, and header information. If the X-Frame-Options header is missing, the tool generates a warning message, indicating the possibility of Click jacking vulnerability in the target host.




D-TECT tool can be used during reconnaissance and scanning phases of penetration testing. The tool can detect critical vulnerabilities in target web applications including cross-site scripting and database injections.

24 views0 comments

Recent Posts

See All

Absolutely everything is connected to the internet these days, from TV to smart light bulbs, from mobile devices to smart cars. Given those ads and ad trackers are everywhere on the Internet, a browse

Can you explain the difference between symmetric and asymmetric encryption? When would you use one over the other? Answer: Symmetric encryption uses a single key to both encrypt and decrypt data, whil

Nuclei is an open-source tool that allows security researchers and penetration testers to automate the process of finding vulnerabilities in web applications. It works by sending HTTP requests to a ta

bottom of page