vajra: automated web hacking framework
Vajra is an automated web hacking framework to automate boring recon tasks and the same scans for multiple targets during web application penetration testing. Vajra has a highly customizable target scope-based scan feature. Instead of running all the scans on target, it runs only those scans selected by you which will minimize unnecessary traffic and stores output in one place at CouchDB.
Vajra uses the most common open-source tools which every Bug Hunter runs during their testing on target. It does all the stuff through a web browser with a very simple UI that makes it an absolute beginner-friendly framework.
Analyzing your data from scan results is very important in Bug Bounty. The chances of missing anything is less only if you could visualize your data in a proper way and Vajra does so with a lot of filters.
I created this project for my personal use (about 6 months ago) but looking at its usefulness, I decided to make it open-source so that it can save your time and can get some more improvement from the community.
Currently, I added only 27 unique bug bounty features to it but more will be added in near future.
- Highly target specific scan
- Run multiple scans in parallel
- Highly customizable scan based on user requirements
- Absolute beginner-friendly Web UI
- Fast (as it is Asynchronous)
- Export results in CSV or directly copy to clipboard
- Telegram Notification
What Vajra does
- Subdomain Scan with IP, Status Code and Title.
- Subdomain Takeover Scan
- Port Scan
- Endpoints Discovery
- Endpoints with Parameter Discovery
- 24/7 Monitor Subdomains
- Templates Scan using Nuclei
- Fuzz endpoints to find hidden endpoints or critical files (e.g .env)
- Fuzz with Custom Generated wordlist
- Checks for Broken Links
- Filter Endpoints based on extensions
- Favicon Hash
- Github Dorks
- CORS Scan
- CRLF Scan
- 403 Bypasser
- Find Hidden Parameters
- Google Hacking
- Shodan Search Queries
- Create target based Custom Wordlist
- Vulnerability Scan
- CVE Scan
- CouchDB to store all scan output
Copyright (C) 2021 r3curs1v3-pr0xy