Vajra Automated Web Hacking Framework for Pentesting
Vajra Automated Web Hacking Framework for Pentesting

Vajra: Automated Web Hacking Framework for Pentesting

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

About Vajra

Automated web hacking framework for web applications
Automated web hacking framework for web applications

Vajra is an automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing. Vajra has highly customizable target scope based scan feature. Instead of running all the scan on target, it runs only those scan selected by you which will minimize unnecessary traffic and stores output in one place at CouchDB.

Vajra uses most common open source tools which every Bug Hunter runs during their testing on target. It does all the stuffs through web browser with very simple UI that makes it absolute beginner friendly framework.

Analyzing your data from scan result is very important in Bug Bounty. The chances of missing anything is less only if you could visualize your data in proper way and Vajra does so with a lot of filters.

I created this project for my personal use (about 6 months ago) but looking at its usefulness, I decided to make it open-source so that it can save your time and can get some more improvement from community.

Currently, I added only 27 unique bug bounty feature to it but more will be added in near future.

Demo

Visit this URL for Demo. None of the scan will work in demo website. Username: root password: toor

Key Features

  • Highly target specific scan
  • Run multiple scans in parallel
  • Highly customizable scan based on user requirements
  • Absolute beginner friendly Web UI
  • Fast (as it is Asynchronous)
  • Export result in CSV or directly copy to clipboard
  • Telegram Notification

What Vajra does

  • Subdomain Scan with IP, Status Code and Title.
  • Subdomain Takeover Scan
  • Port Scan
  • Endpoints Discovery
  • Endpoints with Parameter Discovery
  • 24/7 Monitor Subdomains
  • 24/7 Monitor JavaScript
  • Templates Scan using Nuclei
  • Fuzz endpoints to find hidden endpoints or critical files (e.g .env)
  • Extract JavaScripts
  • Fuzz with Custom Generated wordlist
  • Extracts Secrets (e.g api keys, hidden javascripts endpoints)
  • Checks for Broken Links
  • Filter Endpoints based on extensions
  • Favicon Hash
  • Github Dorks
  • CORS Scan
  • CRLF Scan
  • 403 Bypasser
  • Find Hidden Parameters
  • Google Hacking
  • Shodan Search Queries
  • Extract Hidden Endpoints from JavaScript
  • Create target based Custom Wordlist
  • Vulnerability Scan
  • CVE Scan
  • CouchDB to store all scan output

Captures

Total Scans

Total Scans
Total Scans

Result of Scan

Result of Scan
Result of Scan

Found Subdomains

Found Subdomains
Found Subdomains

Subdomain Monitoring

Subdomains Monitoring
Subdomains Monitoring

Installation

All the installation instructions are available at wiki page. Find the wiki documentation here.

Requirements

  • Minimum of 1 GB of RAM
  • Recommended RAM is more than 2 GB
  • Debian based OS (currently tested in Ubuntu 20.04 LTS)
  • Minimum storage of 12 GB
  • A VPS is recommended

You can follow this video tutorial to install it:

Steps to Install Vajra

git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git
sudo su (root access is required)
cd vajra/tools/ && chmod +x *
cd ../../
cd vajra/install
chmod +x ./install.sh
./install.sh

After 2-3 minutes, it will ask you to set ip on which CouchDB will run. Leave it as default. i.e 127.0.0.1

Configuring CouchDB
Configuring CouchDB

Now we need to set password for CouchDB. It is mandatory to set password as hackwithme

Don’t worry! CouchDB is running on localhost which is 127.0.0.1 . Thus it is not accessable from outside.

After this, Vajra is ready to run 🙂

Usage

Add target name and select types of scan to start scanning.

Note: If subdomain is included in any of the scan then make sure to find subdomains before including subdomains in scans.

For more guide on usage, follow this URL.

Dark Mode

vajra (this link opens in a new window) by r3curs1v3-pr0xy (this link opens in a new window)

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

More Stories
AMIRA Automated Malware Incident Response Analysis
AMIRA: Automated Malware Incident Response & Analysis