Skip to content

Cybersecurity News

Search for:

Home
Cyber Security
Data Leak
Linux
Malware Attack
Open Source Tool
Technology
Vulnerability
Windows

Home
Cyber Security
Data Leak
Linux
Malware Attack
Open Source Tool
Technology
Vulnerability
Windows

Search for:

Cybersecurity News

Web Information Gathering / Web Vulnerability Analysis

vajra: automated web hacking framework

by do son · Published March 14, 2021 · Updated March 13, 2021

automated web hacking framework

vajra

Vajra is an automated web hacking framework to automate boring recon tasks and the same scans for multiple targets during web application penetration testing. Vajra has a highly customizable target scope-based scan feature. Instead of running all the scans on target, it runs only those scans selected by you which will minimize unnecessary traffic and stores output in one place at CouchDB.

Vajra uses the most common open-source tools which every Bug Hunter runs during their testing on target. It does all the stuff through a web browser with a very simple UI that makes it an absolute beginner-friendly framework.

Analyzing your data from scan results is very important in Bug Bounty. The chances of missing anything is less only if you could visualize your data in a proper way and Vajra does so with a lot of filters.

I created this project for my personal use (about 6 months ago) but looking at its usefulness, I decided to make it open-source so that it can save your time and can get some more improvement from the community.

Currently, I added only 27 unique bug bounty features to it but more will be added in near future.

Key Features

Highly target specific scan
Run multiple scans in parallel
Highly customizable scan based on user requirements
Absolute beginner-friendly Web UI
Fast (as it is Asynchronous)
Export results in CSV or directly copy to clipboard
Telegram Notification

What Vajra does

Subdomain Scan with IP, Status Code and Title.
Subdomain Takeover Scan
Port Scan
Endpoints Discovery
Endpoints with Parameter Discovery
24/7 Monitor Subdomains
24/7 Monitor JavaScript
Templates Scan using Nuclei
Fuzz endpoints to find hidden endpoints or critical files (e.g .env)
Extract JavaScripts
Fuzz with Custom Generated wordlist
Extracts Secrets (e.g api keys, hidden javascripts endpoints)
Checks for Broken Links
Filter Endpoints based on extensions
Favicon Hash
Github Dorks
CORS Scan
CRLF Scan
403 Bypasser
Find Hidden Parameters
Google Hacking
Shodan Search Queries
Extract Hidden Endpoints from JavaScript
Create target based Custom Wordlist
Vulnerability Scan
CVE Scan
CouchDB to store all scan output

Install & Use

Copyright (C) 2021 r3curs1v3-pr0xy

Share

Tags: automated web hacking framework

Follow:

Search

Visit Penetration Testing Tools & The Information Technology Daily

Support Securityonline.info site. Thanks!

Vulnerability

Ragic Enterprise Cloud Database Patches Multi Flaws, Including CVE-2024-9984 (CVSS 9.8)

October 16, 2024
Vulnerability

CVE-2024-20329 (CVSS 9.9): Critical Cisco ASA SSH Flaw Allows for Complete System Takeover

October 23, 2024
Vulnerability

PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel

October 29, 2024
Vulnerability

AWS IAM Roles Anywhere: A Potential Backdoor for Attackers?

November 5, 2024
Vulnerability

GitHub Enterprise Server Patches Critical Security Flaw – CVE-2024-9487 (CVSS 9.5)

October 13, 2024

Reward

Brilliantly

SAFE!

securityonline.info

Content & Links

Verified by Sur.ly

2022

Website

About SecurityOnline.info
Advertise on SecurityOnline.info
Contact

About Us
Contact Us
Disclaimer
Privacy Policy
DMCA NOTICE
Sponsors

Cybersecurity News © 2024. All Rights Reserved.

x