• Diniz Martins

D-TECT | Pentest the Modern Web

D-TECT is a penetration testing tool that can be used for information gathering and finding vulnerabilities in web applications.

The types of vulnerabilities that can be detected of D-TECT tool include:


WordPress Username Enumerator;

Sensitive File Detector;

Sub-Domain Scanner;

Port Scanner;

Wordpress Scanner;

Cross-Site Scripting [ XSS ] Scanner;

Wordpress Backup Grabber;

SQL Injection [ SQLI ] Scanner.


Installation:


D-TECT depends on Colorama and BeautifulSoup modules. Although both modules are included in the downloaded (cloned) They can be installed separately using the following command:


The following command opens the tool’s menu, showing all the scanning functionalities of the tool:

Select the desired scanning function (module) by selecting its sequence number.

For instance, we can look for sensitive web application files by typing the sequence number of sensitive file detector (i-e #2) in the terminal. The tool asks for the target web host to proceed with the scanning process. Upon providing the host address, D-TECT pings the target host to confirm its availability. If the target host is down or unavailable, the scanning process stops. However, if the target domain is up, D-TECT gathers some useful information about the target before moving on to the actual task, i-e finding sensitive files. The information includes target IP address, URL redirects, backend server information, and header information. If the X-Frame-Options header is missing, the tool generates a warning message, indicating the possibility of Click jacking vulnerability in the target host.




D-TECT tool can be used during reconnaissance and scanning phases of penetration testing. The tool can detect critical vulnerabilities in target web applications including cross-site scripting and database injections.

34 views0 comments

Recent Posts

See All

NMAP | Essential Commands

Nmap or Network Mapper is undoubtedly the best reconnaissance tool used by modern penetration testers. This open-source application has come a long way since its inception and proved to be a game-chan

Directory Scanner Enumeration

Directory Scanner is the free Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers running on the local network as well as Internet. In addition to th