Tools starting with D
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
Damn Small FI Scanner (DSFS)
Damn Small JS Scanner (DSJS)
Damn Small SQLi Scanner (DSSS)
Damn Small Vulnerable Web (DSVW)
Damn Small XSS Scanner (DSXS)
DarkJPEG is an open source steganography web service. It can hide data, which gets hidden in a JPEG. All with anonymity and plausible deniability in mind.
DataSploit is a framework to perform intelligence gather to discover credentials, domain information, and other information related to the target.
Latest release: 1.0 [June 30, 2017]
DbDat is a security tool to perform several checks on a database to evaluate its security level. It includes configuration checks, privileges, and account detai
DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.
Decentraleyes is a small browser extension. It increases your privacy by blocking specific requests to content delivery networks.
Latest release: 1.3.10 [Aug. 27, 2017]
DET is a proof of concept to perform data exfiltration using either single or multiple channels at the same time.
Detectem can scan web applications and detect used software components like jQuery, Apache middleware, and others.
Latest release: 0.6.1 [Sept. 7, 2017]
Detective helps to find information that you are not supposed to see. It focuses on information disclosure and sensitive data exposure vulnerabilities.
Latest release: 1.0.1 [July 20, 2017]
dfis (Digital Forensic Investigative Scripts)
Digital Forensic Investigative Scripts, or dfis, is a collection of scripts that can be used during forensic investigations.
DFWFW (Docker Firewall Framework)
DFWFW, short of Docker Firewall Framework, offers easy administration of the iptables rules of Docker containers. It updates using event streams.
DHCPwn is a security tool used for testing DHCP IP exhaustion attacks. It can also be used to sniff local DHCP traffic, useful for penetration tests.
Latest release: 1.0.3 [Sept. 5, 2017]
Diamorphine is a so-called LKM rootkit for Linux. It runs on different kernels in the 2.6, 3.x, and 4.x branch.
Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.
Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.
Latest release: 0.3.8 [July 25, 2017]
DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.
Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.
Latest release: 2.3.3 [July 20, 2017]
django-defender (Django Defender)
Django-defender is a reusable app for Django that blocks people from performing brute forcing login attempts.
Latest release: 0.4.3 [April 14, 2017]
Django-guardian extends the default Django permissions model. It does this by allowing permissions on each database object, adding fine-grained control.
Latest release: 1.4.9 [June 30, 2017]
Django-security is a toolkit for the Django framework with the focus on security. It provides models, views, and middleware to strengthen the defenses.
Django-sudo provides a view decorator for Django web applications. It mimics the behavior of sudo on Linux systems and requires reauthentication.
django-two-factor-auth (Django Two-Factor Authentication)
A complete Two-Factor Authentication for Django. It leverages the django-otp tooling together with Django's authentication framework.
Latest release: 1.6.2 [July 29, 2017]
DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts
The dnsteal tool can be used to stealthily send data over DNS requests. It may be used to test data loss prevention (DLP) tools.
DocBleach sanitizes your documents by disarming harmful content. It can be used as an additional security layer for dealing with unknown documents.
Latest release: 0.0.8.post3 [June 16, 2017]
Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.
Latest release: 1.3.2 [March 30, 2017]
Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.
Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.
DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.
DotDotPwn is a security tool to perform directory traversal attempts to discover interesting paths in web applications.
Douane is an application firewall that interacts with the user to allow or deny new network connections.
DVIA (Damn Vulnerable iOS Application)
DVIA is short for Damn Vulnerable iOS Application, which provides an example to learn about vulnerabilities in iOS applications.
- testssl.sh (TLS/SSL configuration scanner)
- WhatWeb (website fingerprinter)
- vallumd (distributed ipset blacklist for iptables)
- Nikto (web application scanner)
- Exploit Pack (penetration testing framework)
- sslcaudit (auditing tool for SSL/TLS clients)
- Oscanner (Oracle assessment framework)
- SSHsec (SSH configuration scanner)
- VulnFeed (vulnerability feed parser)
- OpenSSL (TLS and SSL toolkit)
- VHostScan (virtual host scanner)
- swap_digger (data excavation tool for Linux swap)
- not24get (password quality checker)
- Certigo (certificate validator tool)
- Trawler (data collection framework for phishing results)
- SCUTUM (ARP filtering)
- Metagoofil (information gathering tool)
- Kube-Bench (security benchmark testing for Kubernetes)
- Dionaea (honeypot)
- NoSQLMap (database enumeration and exploitation)
- Thug (low-interaction honeyclient)
- OpenVAS (vulnerability scanner)
- Wapiti (vulnerability scanner for web applications)