D-TECT – Pentesting the Modern Web Applications

Introduction

D-tect is an information gathering tool, we use this tool in first stage of penetration testing for web applications. Using this tool, we can fetch out web application username, sensitive data detection, sub-domain scanner, port scanning, wordpress scanner, vulnerabilities using XSS (Cross-site scripting), SQL injection and wordpress backup Grabber.

Installation

  • Use this tutorial to install the complete hacking tool in your kali machine.

Execution Steps

  • Use this command to launch the tool. python d-tect.py
D-Tect - Tool Launch
D-Tect – Tool Launch
  • Successfully launched the tool.

User Name Enumeration: Now, this option will find out valid username of wordpress for targeted website. In the same way it will identifies the IP address and the server name.

  • Choose option 1 and enter the target website.
D-Tect - User Name Enumeration
D-Tect – User Name Enumeration
  •  Successfully got the username.

Sensitive File Detector: This option will find out the sensitive data on the targeted website.

  • Choose option 2
D-Tect - Sensitive File Detector Fig 1
D-Tect – Sensitive File Detector Fig 1
  • Successfully got the sensitive file.
  • Now, lets open this file in the browser. To view the data.
D-Tect - Sensitive File Detector Fig 2
D-Tect – Sensitive File Detector Fig 2

Open this sitemap URL in the browser to view the data.

D_Tect - Sensitive File Detector Fig 3
D_Tect – Sensitive File Detector Fig 3
  • Here, we got the HTML URLS of target website.

Sub-Domain Scanner: This option will list out all the subdomains with IP address and server name of the target website.

  • Choose option 3
D-Tect - Sub-Domain Scanner
D-Tect – Sub-Domain Scanner
  • Successfully we got the subdomain details.

Port Scanner: This option will list out the open ports on the target website.

  • Enter the target website and port range.
D-Tect - Port Scanner
D-Tect – Port Scanner
  • Successfully got the open port and services.

Conclusion

As we saw D-tect tool can fetch out confidential details of the web application and help us find out the vulnerabilities on the target web application.