D2 Elliot Web Exploitation Framework

D2 Elliot Web Exploitation Framework helps enterprise to replicate real-life attacks during web application penetration testing by providing a powerful framework and efficient exploits and tools, validating vulnerability scans and revealing which data would be at risk.


D2 Elliot subscription is licensed per user ($5,900 USD annual subscription).

Icon Tools

Efficient web exploits and tools

D2 Elliot Web Exploitation Framework provides you hundreds of ready-to-use web exploits and tools. Exploit can be used with several optimized payloads especially designed for each kind of vulneraibility.

Icon Development

Quick and reliable web exploit development

D2 Elliot Web Exploitation Framework helps security experts to quickly develop reliable web exploits. Several dedicated Python classes have been designed for each major type of web vulnerability like SQLi, Remote Code Execution, Remote File Include, Local File Include, File Upload or File Disclosure. You only have to take care of the vulnerability - not the way to exploit it.

Icon GUI

Intuitive GUI

D2 Elliot Web Exploitation Framework offers you an intuitive graphical user interface to exploit web vulnerabilities. This GUI only needs a standard browser without system dependencies.

Icon Interactive Shell

Interactive shell

D2 Elliot Web Exploitation Framework offers you an interactive shell to do everything you need to do without the GUI.

Icon Vulnerability

Vulnerability scan validation

D2 Elliot Web Exploitation Framework can import and validate the exploitability of results from well-known web vulnerability scanners. Critical vulnerabilities can be easily identified.

Icon Updates

Frequent updates

D2 Elliot Web Exploitation Framework is regularly updated with new exploits and tools to keep a high level of efficiency.

SQL Injection

Dump database tables via SQL injection

JSP File Upload

PHP File Upload

Remote OS Command Execution

Remote PHP Command Execution

Local File Include

Remote File Include

Local File Include to Remote Command Execution