Vajra is an automated attack and penetration testing framework. It has a highly customizable scanning capability based on the range of targets. Instead of performing all the scans on the target, it performs only those scans that you have selected, which will minimize unnecessary movement and save the results in CouchDB.
It uses common open source tools that every Bug Hunter runs during their testing on a target. It performs the scanning process through the program browsing with very simple user interface which makes it very friendly for beginners.
Basic features
- Targeted special scan
- Perform multiple scans simultaneously
- Extremely customizable scan based on each user's requirements
- Friendly Web UI for novice users
- Extremely fast
- Export result to CSV or copy directly to clipboard
additional characteristics
- Subdomain Scan with IP, Status Code and Title.
- Subdomain Takeover Scan
- Port Scan
- Endpoint Discovery
- Endpoints with Parameter Discovery
- 24/7 Monitor Subdomains
- 24/7 JavaScript Monitor
- Templates Scan using Nuclei
- Fuzz endpoints to find hidden endpoints or critical files (eg .env)
- Extract JavaScripts
- Fuzz with Custom Generated wordlist
- Extracts Secrets (eg api keys, hidden javascripts endpoints)
- Checks for Broken Links
- Filter Endpoints based on extensions
- Favicon Hash
- Github Dorks
- CORS Scan
- CRLF Scan
- 403 Bypasser
- Find Hidden Parameters
- google-hacking
- Shodan Search Queries
- Extract Hidden Endpoints from JavaScript
- Create target based Custom Wordlist
- Vulnerability Scan
- CVE Scan
- CouchDB to store all scan output
Installation
Information about installing the program, you will find here.
Application snapshots
Video guide
https://www.youtube.com/watch?v=WLurj5Lg8cI
You can download the program from here.