This repository has been archived by the owner on Sep 18, 2022. It is now read-only.

Running with docker compose

Bipul Jaiswal edited this page Mar 28, 2021 · 2 revisions

Running Vajra through docker-compose

Requirements

  • Install docker
  • Install Docker Compose
  • Minimum of 1 GB of RAM (Recommended more than 2 GB)
  • Minimum storage of 12 GB
  • A VPS is recommended

Steps to run Vajra

  1. git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git
  2. Add API keys and tokens to GitDorker, CertEagle and Jsmon. (You can skip this for now.)
  3. Edit the .env file and change the password and JWT secret.
  4. Run docker-compose up (Vajra will start on port 80)

After this, Vajra is ready to run :) If you are running on a VPS, you can visit your external IP to access Vajra.

Usage

Add a target name and select the types of scan to start scanning.

Note: If subdomains are included in any of the scans, make sure to find subdomains first, before including them in scans.

For more guidance on usage, follow this URL: https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8

Additional setup (important)

After completing the above steps, Vajra is ready to run, but to make full use of its features some additional configuration is required. We need to set up Telegram notifications, the subdomain monitor, the JavaScript monitor and GitDorker.

Set GitHub Personal Access Token for GitDorker

  • Please follow the guide below if you are unsure of how to create a personal access token: https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token

  • It is recommended to provide GitDorker with at least two GitHub personal access tokens so that it may alternate between the two during the dorking process and reduce the likelihood of being rate limited. Using multiple tokens from separate GitHub accounts will provide the best results.

  • After getting the tokens, follow the instructions below:

 $ cd ./tools/GitDorker/tf
 $ nano TOKENSFILE
 # paste the tokens there, save the file and exit nano

The GitDorker tokens have now been saved for manual GitHub recon.

Setup JavaScript Monitor

You need to set your Telegram token in the environment. You can follow this guide to get your Telegram token. Link

  • After getting your token and chat ID, go to the tools/jsmon directory: $ cd tools/jsmon

  • Edit the .env file and replace the token and chat ID with the ones you generated earlier: $ nano .env

JSMON_NOTIFY_TELEGRAM=True
JSMON_TELEGRAM_TOKEN=15469xxxxx:AAGxaoaOvHhZ6Fvgxxxxxxx_xxxxxxxxUtc
JSMON_TELEGRAM_CHAT_ID=-4734xxxxx

Setup CertEagle to Monitor Subdomains

We need to add Telegram notifications to get notified of any newly added subdomains.

  1. Go to the ./tools/CertEagle/core directory. $ cd ./tools/CertEagle/core/
  2. Edit the config.py file and replace BOT_TOKEN and GROUP_ID with the token that you generated earlier.

You can create another group for the subdomain monitor bot token to keep everything separate (optional). The Telegram bot is ready to work now.

All the keys and tokens have been added now. It's time to apply the changes and run Vajra.

Run the commands docker-compose build and docker-compose up again.

Everything has been done now. The final step is to run CertEagle to monitor subdomains. For this we need to get a shell inside the Docker instance.

  1. Run docker-compose exec vajra bash in the vajra directory.
  2. Go to the tools/CertEagle directory and run the commands below.
cd ./tools/CertEagle
screen 
python3 certeagle.py

This will run CertEagle in a separate screen session inside the Docker container. Press Ctrl + A, then D, to detach from the screen.

  3. After this, the last step is to set up cron to monitor JavaScript regularly. Run the command crontab -e and add the following entry:

 @daily cd /app/tools/jsmon/ && python3 jsmon.py

Note: CouchDB is running on port 5984. If you are running on a VPS, close this port in the firewall to prevent external access.
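
An added example, not part of the Vajra wiki or project: a small Python check that reads a compose file's short-syntax ports: entries and reports any that publish CouchDB's port 5984 on a non-loopback address. The compose text is constructed for illustration (the couchdb service name and both mappings are assumptions, not Vajra's real docker-compose.yml); the loopback-bound mapping is one way to keep the port off external interfaces.

```python
import re

# Constructed sample (service names and mappings are assumptions), not Vajra's file.
SAMPLE_COMPOSE = '''\
services:
  vajra:
    ports:
      - "80:80"
    volumes:
      - ./data:/app/data
  couchdb:
    ports:
      - "5984:5984"
'''
HARDENED_COMPOSE = SAMPLE_COMPOSE.replace('"5984:5984"', '"127.0.0.1:5984:5984"')
LOOPBACK = ("127.", "::1")

def parse_port(entry):
    """Split short syntax [IP:][HOST_PORT:]CONTAINER_PORT[/proto]."""
    spec = entry.split("/")[0]
    ip = "0.0.0.0"  # Docker's default: publish on all interfaces
    m = re.match(r"\[([^\]]+)\]:(.*)$", spec)  # bracketed IPv6 host address
    if m:
        ip, spec = m.group(1), m.group(2)
    parts = spec.split(":")
    if len(parts) == 3:
        ip, parts = parts[0], parts[1:]
    host_port = parts[0] if len(parts) == 2 else None  # None: random host port
    return ip, host_port, parts[-1]

def ports_entries(compose_text):
    """Yield list items under every 'ports:' key (short syntax only)."""
    in_ports = False
    for line in compose_text.splitlines():
        s = line.strip()
        if s == "ports:":
            in_ports = True
        elif in_ports and s.startswith("- "):
            yield s[2:].strip().strip("'\"")
        elif s:
            in_ports = False  # any other key or list ends the ports block

def externally_published(compose_text, container_port="5984"):
    """Return entries publishing container_port on a non-loopback address."""
    return [e for e in ports_entries(compose_text)
            if parse_port(e)[2] == container_port
            and not parse_port(e)[0].startswith(LOOPBACK)]

if __name__ == "__main__":
    print(externally_published(SAMPLE_COMPOSE), externally_published(HARDENED_COMPOSE))
```

Docker inserts its own iptables rules for published ports, so a host firewall front end such as ufw may not block them; binding the mapping to 127.0.0.1 avoids relying on that.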

Visit the URL IP/login and use root:toor as the username and password to log in to the panel.

Additional Information

Add API keys to increase the efficiency of subfinder in gathering subdomains.

Subfinder will work after following the installation instructions; however, to configure Subfinder to work with certain services, you will need to have set up API keys.

Follow the official subfinder documentation to add API keys.

https://github.com/projectdiscovery/subfinder#post-installation-instructions