
D-TECT – Web Applications Penetration Testing Tool

Last Updated : 24 Oct, 2021

Information gathering and vulnerability scanning are phases of penetration testing that every security professional must perform. Both can be done with automated tools. D-TECT is an automated tool that helps with information collection and with finding vulnerabilities in web applications. It includes subdomain enumeration, port scanning, WordPress scanning, same-site scripting detection, and vulnerability assessment. The vulnerabilities it scans for are XSS, SQL injection, and clickjacking. D-TECT is written in Python and is available on GitHub. It is free and open source.

How Does D-TECT Work?

D-TECT is simple to use: because it is an automated tool, you only need to select a module from the list that appears after running the d-tect.py file. The options include Subdomain Scanner, Port Scanner, WordPress Scanner, etc. Select an option and provide the target domain (for example, geeksforgeeks.org); the tool then gathers information about the target and displays the results in an organized manner in the terminal itself.

Note: Make sure Python is installed on your system, as this is a Python-based tool. For the installation process, see: Python Installation Steps on Linux

Installation of D-TECT Tool on Kali Linux OS

Step 1: Use the following command to clone the tool's repository onto your Kali Linux operating system.

git clone https://github.com/shawarkhanethicalhacker/D-TECT-1.git

Step 2: Now use the following command to move into the tool's directory. You must be in this directory in order to run the tool.

cd D-TECT-1

Step 3: Now you are in the directory of the tool. Use the following command to run the tool.

./d-tect.py

Working with D-TECT Tool on Kali Linux OS

Example 1: Banner Grabbing

Select Option 1

The tool has gathered the banner information for the target domain geeksforgeeks.org.

Example 2: ClickJacking Detection

Select Option 5

Clickjacking vulnerability detection is performed on the domain.

Example 3: Port Scanner

Select Option 4

The open ports are scanned and displayed in the screenshot below.

Example 4: WP Backup Grabber

Select Option 7

WordPress backup grabbing is performed in the screenshot below.

Example 5: Sensitive File Detection

Select Option 2

Critical files that may contain sensitive information are listed in the screenshot below.

Example 6: Cross-Site Scripting [ XSS ] Scanner

Select Option 6

XSS scanning is performed on the domain geeksforgeeks.org.

Example 7: SQL Injection [ SQLI ] Scanner

Select Option 8

SQL injection scanning is performed on the domain geeksforgeeks.org.

Example 8: Sub-domain Scanner

Select Option 3

Subdomains associated with geeksforgeeks.org are detected and displayed in the screenshot below.

Example 9: WP Username Enumeration

Select Option 1

Usernames associated with WordPress are enumerated.

Example 10: Same Site Scripting detection

Select Option 3

Same-site scripting vulnerability detection is performed on the subdomains of geeksforgeeks.org.
