logo
DATABASE RESOURCES PRICING ABOUT US

Vajra - A Highly Customi zable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks

Description

[![](https://1.bp.blogspot.com/-N-fhhK58yzw/YE6NTRQJX3I/AAAAAAAAVoI/bh-onKnJyRQFrrFJ4AjlesWwO7y4xIXLgCNcBGAsYHQ/w640-h160/vajra_1_logo.png)](<https://1.bp.blogspot.com/-N-fhhK58yzw/YE6NTRQJX3I/AAAAAAAAVoI/bh-onKnJyRQFrrFJ4AjlesWwO7y4xIXLgCNcBGAsYHQ/s800/vajra_1_logo.png>) An automated web [hacking framework](<https://www.kitploit.com/search/label/Hacking%20Framework> "hacking framework" ) for web applications **Detailed insight about Vajra can be found at** <https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8> **About Vajra** [![](https://1.bp.blogspot.com/-frHLqteJjns/YE6NfHpZuFI/AAAAAAAAVoM/kyMvMWQxNz8BdcFsIRgMOcUSqybMSHhiACNcBGAsYHQ/w640-h318/vajra_7_home.png)](<https://1.bp.blogspot.com/-frHLqteJjns/YE6NfHpZuFI/AAAAAAAAVoM/kyMvMWQxNz8BdcFsIRgMOcUSqybMSHhiACNcBGAsYHQ/s1869/vajra_7_home.png>) Vajra is an automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing. Vajra has highly [customizable](<https://www.kitploit.com/search/label/Customizable> "customizable" ) target scope based scan feature. Instead of running all the scan on target, it runs only those scan selected by you which will minimize unnecessary traffic and stores output in one place at CouchDB. Vajra uses most common open source tools which every Bug Hunter runs during their testing on target. It does all the stuffs through web browser with very simple UI that makes it absolute [beginner friendly](<https://www.kitploit.com/search/label/Beginner%20Friendly> "beginner friendly" ) framework. Analyzing your data from scan result is very important in Bug Bounty. The chances of missing anything is less only if you could visualize your data in proper way and Vajra does so with a lot of filters. I created this project for my personal use (about 6 months ago) but looking at its usefulness, I decided to make it open-source so that it can save your time and can get some more improvement from community. **Currently, I added only 27 unique bug bounty feature to it but more will be added in near future.** **Visit this URL for Demo:** <https://hackwithproxy.tech/login> None of the scan will work in demo website. Username: root password: toor **Demo** **Key Features** * Highly target specific scan * Run multiple scans in parallel * Highly customizable scan based on user requirements * Absolute beginner friendly Web UI * Fast (as it is Asynchronous) * Export result in CSV or directly copy to clipboard * Telegram Notification **What Vajra does** * Subdomain Scan with IP, Status Code and Title. * [Subdomain Takeover](<https://www.kitploit.com/search/label/Subdomain%20Takeover> "Subdomain Takeover" ) Scan * Port Scan * Endpoints Discovery * Endpoints with Parameter Discovery * 24/7 Monitor Subdomains * 24/7 Monitor JavaScript * Templates Scan using Nuclei * Fuzz endpoints to find hidden endpoints or critical files (e.g .env) * Extract JavaScripts * Fuzz with Custom Generated wordlist * Extracts Secrets (e.g api keys, hidden javascripts endpoints) * Checks for Broken Links * Filter Endpoints based on extensions * Favicon Hash * Github Dorks * CORS Scan * CRLF Scan * 403 Bypasser * Find Hidden Parameters * Google Hacking * Shodan Search Queries * Extract Hidden Endpoints from JavaScript * Create target based Custom Wordlist * [Vulnerability](<https://www.kitploit.com/search/label/Vulnerability> "Vulnerability" ) Scan * CVE Scan * CouchDB to store all scan output **Total Scans** [![](https://1.bp.blogspot.com/-MnydfrffUfM/YE6OCjos2QI/AAAAAAAAVoY/eCfsQojY-fgNfl00dSHMVHmC1Ss0ycfhwCNcBGAsYHQ/w640-h322/vajra_9_scan.png)](<https://1.bp.blogspot.com/-MnydfrffUfM/YE6OCjos2QI/AAAAAAAAVoY/eCfsQojY-fgNfl00dSHMVHmC1Ss0ycfhwCNcBGAsYHQ/s1811/vajra_9_scan.png>) **Result of Scan** ** ** [![](https://1.bp.blogspot.com/--mjrF_5ONR0/YE6OGbhmRlI/AAAAAAAAVoc/4hZdxKcNG6c5gcNyX-5t0wSlOh0tNakIgCNcBGAsYHQ/w640-h320/vajra_10_scanned%252520%252520result.png)](<https://1.bp.blogspot.com/--mjrF_5ONR0/YE6OGbhmRlI/AAAAAAAAVoc/4hZdxKcNG6c5gcNyX-5t0wSlOh0tNakIgCNcBGAsYHQ/s1886/vajra_10_scanned%252520%252520result.png>) **Found Subdomains** [![](https://1.bp.blogspot.com/-J_G1Qt-O7g8/YE6OJozy9cI/AAAAAAAAVog/bvSn1omYo08LVSLKK2iHRLQUfNizSEnGgCNcBGAsYHQ/w640-h246/vajra_11_subdomains.png)](<https://1.bp.blogspot.com/-J_G1Qt-O7g8/YE6OJozy9cI/AAAAAAAAVog/bvSn1omYo08LVSLKK2iHRLQUfNizSEnGgCNcBGAsYHQ/s1920/vajra_11_subdomains.png>) **Subdomain Monitoring** [![](https://1.bp.blogspot.com/-D1tmxj52Sd8/YE6ONUGxZUI/AAAAAAAAVok/l28bKLnppZc6lMju4SOjU78k8IxqAanOwCNcBGAsYHQ/w566-h640/vajra_12_monitoring.png)](<https://1.bp.blogspot.com/-D1tmxj52Sd8/YE6ONUGxZUI/AAAAAAAAVok/l28bKLnppZc6lMju4SOjU78k8IxqAanOwCNcBGAsYHQ/s580/vajra_12_monitoring.png>) **Installation** All the installation instructions are available at wiki page. Find the wiki documentation here: <https://github.com/r3curs1v3-pr0xy/vajra/wiki/Installation> **Tools used by Vajra** All the tools used by Vajra are listed here: [Link](<https://github.com/r3curs1v3-pr0xy/vajra/blob/main/CREDITS.md> "Link" ) **Credits** Please take a look at [CREDITS.md](<https://github.com/r3curs1v3-pr0xy/vajra/blob/main/CREDITS.md> "CREDITS.md" ) **Disclaimer** Most of these tools have been developed by the authors of the tool that has been listed in [CREDITS.md](<https://github.com/r3curs1v3-pr0xy/vajra/blob/main/CREDITS.md> "CREDITS.md" ). I just put all the pieces together, plus some extra magic. This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only. **FAQ** * **What is the accuracy of this framework? ** => Vajra uses only open source tools and scripts so its accuracy depends upon those tools. * **What is scalability of this framework? ** => It depends upon the resources you provide to run it. * **Does it gives immediate result? ** -=> Although Vajra uses asynchronous methods but still it takes some time to complete all the scan. You can see your running scans through ongoing scan tab **[Download Vajra](<https://github.com/r3curs1v3-pr0xy/vajra> "Download Vajra" )**