Vajra is an automated web penetration testing framework that helps security researchers automate boring reconnaissance tasks and the same scan against multiple targets during web application penetration testing. Vajra is highly customizable, allowing researchers to customize the scanning scope. We do not need to perform all scans on the target. We can choose the scanning tasks to be performed according to our own needs, which can minimize unnecessary communication traffic and Output the scan results to CouchDB.
Vajra uses the most common open source tools, which are some tools that many security researchers use when conducting security testing. Vajra completes all tasks through a web browser and provides an easy-to-use user interface and a beginner-friendly functional framework.
As we all know, analyzing data from scan results is very important in the process of penetration testing. Only when you can visualize your data in an appropriate way can we Will try to find as much valuable information as possible.
Currently, Vajra’s developers have added 27 unique bug bounty program features, with more support to be added later.
Can perform highly targeted scans;
Run multiple scan tasks in parallel;
Can highly customize scans according to user requirements Tasks;
Absolutely beginner-friendly Web UI;
Fast scanning (asynchronous scanning);
Export results in CSV format or copy directly to clipboard
Telegram notification support;
Subdomain scanning using IP, status code and header;
Subdomain takeover scanning;
Port scanning;
Host discovery;
Host parameter scanning;
7x24 hours subdomain monitoring;
7x24 hours JavaScript monitoring;
Use Nuclei to perform template scanning;
Fuzz test endpoints to discover hidden nodes or critical files (e.g. .env);
Extract JavaScript;
Use a custom generated dictionary for fuzz testing;
Extract sensitive data such as API keys and hidden JavaScript;
Detect invalid links;
Filter nodes based on extensions;
Favicon hash;
GitHub Dork;
CORS scanning;
CRLF scanning;
403 bypass;
Find hidden parameters;
Google Hacking;
Shodan search query;
Extract hidden nodes from JavaScript;
Create target-based custom word lists;
Vulnerability scanning;
CVE scan;
CouchDB stores all scan output results;
$ git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git # sudo su (root access is required) # cd vajra/tools/ && chmod +x * # cd ../ # nano .env (Update username, password, and JWT Secret) # cd ./install # chmod +x ./install.sh # ./install.sh
First , we need to use the following command to clone the project source code locally:
git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git
Next, modify the configuration file, add API tokens, etc. Then run the following command:
docker-compose up
If you want to modify and update the file, you need to run the following command again:
docker-compose build docker-compose up
Complete Scan:
Scan result:
Subdomain name scan :
Subdomain name monitoring:
The above is the detailed content of How to analyze the application of automated web penetration testing framework. For more information, please follow other related articles on the PHP Chinese website!
What to do if win8wifi connection is not available
Latest ranking of digital currency exchanges
Introduction to standard tags in php
What's going on with the red light on the light signal?
Server attack defense methods
Characteristics of management information systems
What are the methods to implement operator overloading in Go language?
What system is android
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
