All Projects → r3curs1v3-pr0xy → Vajra

r3curs1v3-pr0xy / Vajra

Licence: gpl-3.0
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Programming Languages

184084 projects - #8 most used programming language

Projects that are alternatives of or similar to Vajra

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1178.44%)
Mutual labels:  osint, scanner, recon, information-gathering, bug-bounty, pentesting
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+759.48%)
Mutual labels:  osint, hacking, pentesting, scanner, pentest-tool, information-gathering
Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-60.97%)
Mutual labels:  osint, hacking, pentesting, scanner, recon
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (+130.86%)
Mutual labels:  osint, hacking, scanner, recon, information-gathering
swiss army knife for hackers
Stars: ✭ 346 (+28.62%)
Mutual labels:  osint, hacking, pentesting, scanner, information-gathering
Web path scanner
Stars: ✭ 7,246 (+2593.68%)
Mutual labels:  hacking, pentesting, scanner, bug-bounty, pentest-tool
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+58.74%)
Mutual labels:  osint, hacking, pentesting, recon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+101.12%)
Mutual labels:  osint, pentesting, pentest-tool, recon
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (+109.67%)
Mutual labels:  osint, hacking, recon, information-gathering
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (+202.6%)
Mutual labels:  osint, pentesting, recon, bug-bounty
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-47.21%)
Mutual labels:  scanner, bug-bounty, recon, information-gathering
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+1160.59%)
Mutual labels:  osint, hacking, pentest-tool, information-gathering
Sifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (+49.81%)
Mutual labels:  osint, pentesting, scanner, recon
Stars: ✭ 4,202 (+1462.08%)
Mutual labels:  osint, pentest-tool, recon, information-gathering
An OSINT tool to gather information about the real owner of a phone number
Stars: ✭ 73 (-72.86%)
Mutual labels:  osint, hacking, scanner, information-gathering
Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-46.47%)
Mutual labels:  osint, hacking, pentesting, pentest-tool
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-53.53%)
Mutual labels:  hacking, pentesting, scanner, bug-bounty
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-56.88%)
Mutual labels:  hacking, pentesting, recon, information-gathering
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+3238.66%)
Mutual labels:  osint, hacking, pentesting, information-gathering
Stars: ✭ 250 (-7.06%)
Mutual labels:  hacking, pentesting, scanner, bug-bounty

                           Stars NPM Version License: GPL v3 contribution PyPi Python Versions Demo Youtube
                                                   An automated web hacking framework for web applications

Table of Content

Detailed insight about Vajra can be found at

About Vajra


Vajra is an automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing. Vajra has highly customizable target scope based scan feature. Instead of running all the scan on target, it runs only those scan selected by you which will minimize unnecessary traffic and stores output in one place at CouchDB.

Vajra uses most common open source tools which every Bug Hunter runs during their testing on target. It does all the stuffs through web browser with very simple UI that makes it absolute beginner friendly framework.

Analyzing your data from scan result is very important in Bug Bounty. The chances of missing anything is less only if you could visualize your data in proper way and Vajra does so with a lot of filters.

I created this project for my personal use (about 6 months ago) but looking at its usefulness, I decided to make it open-source so that it can save your time and can get some more improvement from community.

Currently, I added only 27 unique bug bounty feature to it but more will be added in near future.

Visit this URL for Demo:

None of the scan will work in demo website. Username: root password: toor


Demo Video

Key Features

  • Highly target specific scan
  • Run multiple scans in parallel
  • Highly customizable scan based on user requirements
  • Absolute beginner friendly Web UI
  • Fast (as it is Asynchronous)
  • Export result in CSV or directly copy to clipboard
  • Telegram Notification

What Vajra does

  • [x] Subdomain Scan with IP, Status Code and Title.
  • [x] Subdomain Takeover Scan
  • [x] Port Scan
  • [x] Endpoints Discovery
  • [x] Endpoints with Parameter Discovery
  • [x] 24/7 Monitor Subdomains
  • [x] 24/7 Monitor JavaScript
  • [x] Templates Scan using Nuclei
  • [x] Fuzz endpoints to find hidden endpoints or critical files (e.g .env)
  • [x] Extract JavaScripts
  • [x] Fuzz with Custom Generated wordlist
  • [x] Extracts Secrets (e.g api keys, hidden javascripts endpoints)
  • [x] Checks for Broken Links
  • [x] Filter Endpoints based on extensions
  • [x] Favicon Hash
  • [x] Github Dorks
  • [x] CORS Scan
  • [x] CRLF Scan
  • [x] 403 Bypasser
  • [x] Find Hidden Parameters
  • [x] Google Hacking
  • [x] Shodan Search Queries
  • [x] Extract Hidden Endpoints from JavaScript
  • [x] Create target based Custom Wordlist
  • [x] Vulnerability Scan
  • [x] CVE Scan
  • [x] CouchDB to store all scan output

Total Scans


Result of Scan


Found Subdomains


Subdomain Monitoring

subdomain monitor


All the installation instructions are available at wiki page. Find the wiki documentation here:

Tools used by Vajra

All the tools used by Vajra are listed here: Link


Thank you for your consideration for making your valuable contributions to Vajra! Start by taking a look at the below mentioned points

  • Fix any issues/bugs
  • Solve opened issues
  • Clean code
  • Add any new features
  • Works on Future Plans/Under Developement
  • Support this project by sponsoring/donating

Financial Contributors:


Code Contributors:

If you have some new idea about this project, issue, feedback or found some valuable tool feel free to open an issue or just DM me via @r3curs1v3_pr0xy

If you like Vajra and wants to support



Bitcoin: 3EB5AsRrzSjMXnPDwSuxnyW1cc2APSHEWr

10% of total donation will go to Animal Aid Unilimited.


It is distributed under the GNU GPL v3 license License. See LICENSE for more information.

Future Plans/Under Development

  • Add feature to upload wordlist for bruteforcing
  • Add slack/discord notification
  • Improve Result UI
  • Add server console through web interface
  • Schedule Scan
  • Take Notes in web UI


Please take a look at Thanks to @maniac_en for helping with version control and repo management.


Most of these tools have been developed by the authors of the tool that has been listed in I just put all the pieces together, plus some extra magic.

This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.


  • What is the accuracy of this framework?

=> Vajra uses only open source tools and scripts so its accuracy depends upon those tools.

  • What is scalability of this framework?

=> It depends upon the resources you provide to run it.

  • Does it gives immediate result?

-=> Although Vajra uses asynchronous methods but still it takes some time to complete all the scan. You can see your running scans through ongoing scan tab

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].