-
-
Notifications
You must be signed in to change notification settings - Fork 159
Installation
- Minimum of 1 GB of RAM
- Recommended RAM is more than 2 GB
- Debian based OS (currently tested in Ubuntu and Kali Linux)
- Minimum storage of 12 GB
- A VPS is recommended
$ git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git
# sudo su (root access is required)
# cd vajra/install
# ./install.sh
After 2-3 minutes, it will ask you to set ip on which CouchDB will run. Leave it as default. i.e 127.0.0.1
Now we need to set password for CouchDB. It is mandatory to set password as hackwithme
Don't worry! CouchDB is running on localhost which is 127.0.0.1 . Thus it is not accessable from outside.
After this, Vajra is ready to run :)
Add target name and select types of scan to start scanning.
Note: If subdomain is included in any of the scan then make sure to find subdomains before including subdomains in scans.
For more guide on usage, follow this URL: https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8
After completing above steps, Vajra is ready to run but to make full use of its feature, some additional configuration is required. We need to setup telegram notification, subdomain monitor, javascript monitor and GitDorker.
-
Please follow the guide below if you are unsure of how to create a personal access token: https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token
-
It is recommended to provide GitDorker with at least two GitHub personal access tokens so that it may alternate between the two during the dorking process and reduce the likelihood of being rate limited. Using multiple tokens from separate GitHub accounts will provide the best results.
-
After getting tokens, follow the below instructions
$ cd ./tools/GitDorker/tf
$ nano TOTKENSFILE
paste the tokens there and save the file and exit nano
GitDorker tokens has been saved for manual github recon
You need to set up your Telegram token in the Environment, You can follow this guide to get your Telegram Token. Link
- After getting your token and chat id, Go to tools/jsmon directory
$ cd tools/jsmon
- Edit .env file and replace token and chat id that you've generated earlier.
$ nano .env
JSMON_NOTIFY_TELEGRAM=True
JSMON_TELEGRAM_TOKEN=15469xxxxx:AAGxaoaOvHhZ6Fvgxxxxxxx_xxxxxxxxUtc
JSMON_TELEGRAM_CHAT_ID=-4734xxxxx
Now the final step is to create a cron script to check any changes in javascript regularly.
crontab -e
create an entry like this:
@daily cd /path/vajra/tools/jsmon/ && python3 jsmon.py (replace path with home directory. i.e. /home/user/vajra/tools/jsmon/)
We need to add telegram notification to get notified for any newly added subdomains.
- Go to ./tools/CertEagle/core directory.
$ cd ./tools/CertEagle/core/
- Edit config.py file and replace BOT_TOKEN and GROUP_ID with token that you generated earlier.
You can create another group for subdomain monitor bot token to keep everything seperate. (optional). Telegram bot is ready to work now.
Currently there is no any web interface to add domains and run subdomain monitor. You need to SSH into server to use this feature.
- Go to ./tools/CertEagle/ directory.
- Edit domains.yml file to add any target for monitoring.
- Follow this command.
$ screen -S certeagle
$ python3 certeagle.py
Press ctrl + A and D respectively. We run certeagle on another screen.
Note: To add or remove any target from monitoring, go to tools/CertEagle directory and edit domains.yml file. After editing, we need to restart certeagle to update changes in domains.yml file. Follow the commands to do so.
$ screen -R certeagle
$ ctrl + C
$ python3 certeagle.py
$ ctrl + A, D (to exit screen)
Everything has been done now. We are ready to run Vajra. Follow these steps to run
$ screen -S vajra
$ node index.js
$ Press ctrl +A and D
Vajra should be running on port 80. Now you can visit your external ip to get web interface. We run Vajra on another screen so that we can monitor logs anytime by going to that screen.
The default password is root:toor
To change password, edit index.js file and go to line number 3376 and update the password and save the file.
Subfinder will work after using the installation instructions however to configure Subfinder to work with certain services, you will need to have setup API keys.
Follow this official documentation of subfinder to add api keys.
https://github.com/projectdiscovery/subfinder#post-installation-instructions
If you need to access CouchDB web interface to make any changes in database then you can access it through ssh tunneling since CouchDB is running on localhost port 5984 of web server so it cannot be accessed directly.
ssh -N -L 5984:127.0.0.1:5984 user@ip
Now you can access CouchDB on your browser by visiting localhost:5984/_utils