Vajra v2.3 releases: attacking and enumerating in the target’s Azure environment

by do son · Published March 5, 2022 · Updated August 4, 2022

Vajra

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target’s Azure environment.

The term Vajra refers to the Weapon of God Indra in Indian mythology (God of Thunder & Storms). Its connection to the cloud makes it a perfect name for the tool.

Vajra currently supports Azure Cloud environments and plans to support AWS cloud environments and some OSINT in the future.

Following features are available at the moment:

Azure
- Attacking
  1. OAuth Based Phishing (Illicit Consent Grant Attack)
    - Exfiltrate Data
    - Enumerate Environment
    - Deploy Backdoors
    - Send mails/Create Rules
  2. Password Spray
  3. Password Brute Force
- Enumeration
  1. Users
  2. Subdomain
  3. Azure Ad
  4. Azure Services
- Specific Service
  1. Storage Accounts

Changelog v2.3

[Fixed] JWT Decoding error
Removed unwanted download button from AWS

Install

git clone https://github.com/TROUBLE-1/Vajra.git

Install postgres database with credential postgres/postgres and create a database name vajra. If postgres is not installed then by default sqlite will be used.

Run the following command to install all the modules.

pip install -r requirements.txt

Once installed run the following to start the application.

python app.py

Module

Userenum

The First tool that anyone would like to perform is for user enumeration. During a black box, you might perform some OSINT techniques to gather emails id’s for the targeted company let’s say company XYZ Ltd. You could try to enumerate all over google with matching regex.