Tools starting with D
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
DBShield
DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.
DET
DET is a proof of concept to perform data exfiltration using either single or multiple channels at the same time.
DFWFW (Docker Firewall Framework)
DFWFW, short of Docker Firewall Framework, offers easy administration of the iptables rules of Docker containers. It updates using event streams.
DHCPwn
DHCPwn is a security tool used for testing DHCP IP exhaustion attacks. It can also be used to sniff local DHCP traffic, useful for penetration tests.
DIRB
DIRB is a security tool to discover directories and files on a web server. It can be used during penetration testing or security assessments to find sensitive information.
DMitry
DMitry is a security tool that can be used for security assessments or more generic information gathering about systems. It can retrieve both information from public sources and the system itself.
DNSChef
DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts
DNSteal
The dnsteal tool can be used to stealthily send data over DNS requests. It may be used to test data loss prevention (DLP) tools.
DVIA (Damn Vulnerable iOS Application)
DVIA is short for Damn Vulnerable iOS Application, which provides an example to learn about vulnerabilities in iOS applications.
Dagda
Dagda is a security tool to perform static analysis of known vulnerabilities, malware and threats in Docker images and containers. It monitors both the Docker daemon and running containers to find anomalies and suspicious activities.
Damn Small FI Scanner (DSFS)
Damn Small JS Scanner (DSJS)
Damn Small SQLi Scanner (DSSS)
Damn Small Vulnerable Web (DSVW)
Looking for a deliberately vulnerable application to test your exploitation skills? Learn in this review about the Damn Small Vulnerable Web project and how it can help.
Damn Small XSS Scanner (DSXS)
DarkJPEG
DarkJPEG is an open source steganography web service. It can hide data, which gets hidden in a JPEG. All with anonymity and plausible deniability in mind.
DataSploit
DataSploit is an OSINT framework to perform intelligence gathering about a particular target. Read how it works in this review.
DbDat
DbDat is a security tool to perform several checks on a database to evaluate its security level. It includes configuration checks, privileges, and account detai
Decentraleyes
Decentraleyes is a small browser extension. It increases your privacy by blocking specific requests to content delivery networks.
DejaVu
DejaVu is an open source deception framework which can be used to deploy and administer decoys across a network infrastructure. Read how it works in this review.
Detective
Detective helps to find information that you are not supposed to see. It focuses on information disclosure and sensitive data exposure vulnerabilities.
Diamorphine
Diamorphine is a so-called LKM rootkit for Linux. It runs on different kernels in the 2.6, 3.x, and 4.x branch.
Dionaea
Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.
DirSearch (Go)
DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.
DocBleach
DocBleach sanitizes your documents by disarming harmful content. It can be used as an additional security layer for dealing with unknown documents.
Docker Bench for Security
Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.
Dockerscan
Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.
Dockpot
Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.
Domain Analyzer
Want to know the information available about a domain? The aptly named tool Domain Analyzer will show you the details.
DorkNet
DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.
DotDotPwn
DotDotPwn is a security tool to perform directory traversal attempts to discover interesting paths in web applications.
Douane
Douane is an application firewall that interacts with the user to allow or deny new network connections.
detectem
Detectem can scan web applications and detect used software components like jQuery, Apache middleware, and others.
dfis (Digital Forensic Investigative Scripts)
Digital Forensic Investigative Scripts, or dfis, is a collection of scripts that can be used during forensic investigations.
dirsearch
Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.
django-axes
Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.
django-defender (Django Defender)
Django-defender is a reusable app for Django that blocks people from performing brute forcing login attempts.
django-guardian
Django-guardian extends the default Django permissions model. It does this by allowing permissions on each database object, adding fine-grained control.
django-security
Django-security is a toolkit for the Django framework with the focus on security. It provides models, views, and middleware to strengthen the defenses.
django-sudo
Django-sudo provides a view decorator for Django web applications. It mimics the behavior of sudo on Linux systems and requires reauthentication.
django-two-factor-auth (Django Two-Factor Authentication)
A complete Two-Factor Authentication for Django. It leverages the django-otp tooling together with Django's authentication framework.
dnmap
Dnmap is a tool to allow distributed scanning with the well-known Nmap tool. It may be used by penetration testers and system administrators to scan a large network and spread the load among multiple clients systems.
domain
Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. Read how it works in this review.
droopescan
This plugin-based security tool helps to detect and test for weaknesses in common CMS systems like Drupal, SilverStripe, and WordPress.
Recently reviewed
- Archery (vulnerability assessment and management)
- Wapiti (vulnerability scanner for web applications)
- Patator (multi-purpose brute-force tool)
- BleachBit (system cleaner and privacy tool)
- OpenSCAP (suite with tools and security data)
- Lynis (security scanner and compliance auditing tool)
- BlackBox (store secrets in Git/Mercurial/Subversion)
- salt-scanner (Linux vulnerability scanner)
- Infection Monkey (security testing for data centers and networks)
- Anchore Engine (container analysis and inspection)
- Zeek (network security monitoring tool)
- ZAP (web application analysis)
- Maltrail (malicious traffic detection system)
- tls-ca-manage
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- Bleach (sanitizing library for Django)
- siemstress (basic SIEM solution)
- CMSeeK (CMS detection and exploitation)