28 Nov, 2024

Latest Exploits, Tools News

Starbucks Software Supplier Shutdown By Ransomware

Find Amazon Buckets & Sensitive Cloud Storage Data Using Google Dorks

Default Credentials Cheat Sheet – Search for Products Default Login/Password Information

SQLiDetector – Python Script That Helps Detect SQL injection By Sending Requests With 14 Payloads & Checks for 152 Regex Patterns

Userefuzz – User-Agent , X-Forwarded-For & Referer SQLI Fuzzer Made With Python

Vajra – Automated Web Hacking Framework for Web Applications

March 22, 2021March 22, 2021 Admin

Vajra

About Vajra

Vajra is an automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing. Vajra has highly customizable target scope based scan feature. Instead of running all the scan on target, it runs only those scan selected by you which will minimize unnecessary traffic and stores output in one place at CouchDB.

Vajra uses most common open source tools which every Bug Hunter runs during their testing on target. It does all the stuffs through web browser with very simple UI that makes it absolute beginner friendly framework.

Analyzing your data from scan result is very important in Bug Bounty. The chances of missing anything is less only if you could visualize your data in proper way and Vajra does so with a lot of filters.

I created this project for my personal use (about 6 months ago) but looking at its usefulness, I decided to make it open-source so that it can save your time and can get some more improvement from community.

Currently, I added only 27 unique bug bounty feature to it but more will be added in near future.

Visit this URL for Demo: https://hackwithproxy.tech/login

None of the scan will work in demo website. Username: root password: toor

Demo

Demo Video

Key Features

Highly target specific scan
Run multiple scans in parallel
Highly customizable scan based on user requirements
Absolute beginner friendly Web UI
Fast (as it is Asynchronous)
Export result in CSV or directly copy to clipboard
Telegram Notification

What Vajra does

Subdomain Scan with IP, Status Code and Title.
Subdomain Takeover Scan
Port Scan
Endpoints Discovery
Endpoints with Parameter Discovery
24/7 Monitor Subdomains
24/7 Monitor JavaScript
Templates Scan using Nuclei
Fuzz endpoints to find hidden endpoints or critical files (e.g .env)
Extract JavaScripts
Fuzz with Custom Generated wordlist
Extracts Secrets (e.g api keys, hidden javascripts endpoints)
Checks for Broken Links
Filter Endpoints based on extensions
Favicon Hash
Github Dorks
CORS Scan
CRLF Scan
403 Bypasser
Find Hidden Parameters
Google Hacking
Shodan Search Queries
Extract Hidden Endpoints from JavaScript
Create target based Custom Wordlist
Vulnerability Scan
CVE Scan
CouchDB to store all scan output

Total Scans

scans

Result of Scan

result

Found Subdomains

subdomains

Subdomain Monitoring

subdomain monitor

Installation

All the installation instructions are available at wiki page. Find the wiki documentation here:

https://github.com/r3curs1v3-pr0xy/vajra/wiki/Installation

Download: https://github.com/r3curs1v3-pr0xy/vajra

Please follow and like us:

Leave a Reply Cancel reply