How to analyze the application of automated web penetration testing framework

WBOY
Release: 2023-05-15 13:46:14
forward
2298 people have browsed it

About Vajar

Vajra is an automated web penetration testing framework that helps security researchers automate boring reconnaissance tasks and the same scan against multiple targets during web application penetration testing. Vajra is highly customizable, allowing researchers to customize the scanning scope. We do not need to perform all scans on the target. We can choose the scanning tasks to be performed according to our own needs, which can minimize unnecessary communication traffic and Output the scan results to CouchDB.

Vajra uses the most common open source tools, which are some tools that many security researchers use when conducting security testing. Vajra completes all tasks through a web browser and provides an easy-to-use user interface and a beginner-friendly functional framework.

How to analyze the application of automated web penetration testing framework

As we all know, analyzing data from scan results is very important in the process of penetration testing. Only when you can visualize your data in an appropriate way can we Will try to find as much valuable information as possible.

Currently, Vajra’s developers have added 27 unique bug bounty program features, with more support to be added later.

Core functions

Can perform highly targeted scans;

Run multiple scan tasks in parallel;

Can highly customize scans according to user requirements Tasks;

Absolutely beginner-friendly Web UI;

Fast scanning (asynchronous scanning);

Export results in CSV format or copy directly to clipboard

Telegram notification support;

What can Vajra do?

Subdomain scanning using IP, status code and header;

Subdomain takeover scanning;

Port scanning;

Host discovery;

Host parameter scanning;

7x24 hours subdomain monitoring;

7x24 hours JavaScript monitoring;

Use Nuclei to perform template scanning;

Fuzz test endpoints to discover hidden nodes or critical files (e.g. .env);

Extract JavaScript;

Use a custom generated dictionary for fuzz testing;

Extract sensitive data such as API keys and hidden JavaScript;

Detect invalid links;

Filter nodes based on extensions;

Favicon hash;

GitHub Dork;

CORS scanning;

CRLF scanning;

403 bypass;

Find hidden parameters;

Google Hacking;

Shodan search query;

Extract hidden nodes from JavaScript;

Create target-based custom word lists;

Vulnerability scanning;

CVE scan;

CouchDB stores all scan output results;

Tool manual installation

$ git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git # sudo su (root access is required) # cd vajra/tools/ && chmod +x * # cd ../ # nano .env (Update username, password, and JWT Secret) # cd ./install # chmod +x ./install.sh # ./install.sh
Copy after login

Use Docker-Compose to run

First , we need to use the following command to clone the project source code locally:

git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git
Copy after login

Next, modify the configuration file, add API tokens, etc. Then run the following command:

docker-compose up
Copy after login

If you want to modify and update the file, you need to run the following command again:

docker-compose build docker-compose up
Copy after login

Tool usage example

Complete Scan:

How to analyze the application of automated web penetration testing framework

Scan result:

How to analyze the application of automated web penetration testing framework

Subdomain name scan :

How to analyze the application of automated web penetration testing framework

Subdomain name monitoring:

How to analyze the application of automated web penetration testing framework

The above is the detailed content of How to analyze the application of automated web penetration testing framework. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
web
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!