Vajra is a tool with a graphical user interface that can be used to attack and look around in the Azure environment of a target.
In Indian folklore, Vajra is the name of the weapon of the god of thunder and storms, Indra. Because it works with the cloud, it’s a great name for the tool.
Vajra currently works with Azure and AWS Cloud environments. In the future, it will also work with Google Cloud Platform and some OSINT environments.
Note: This tool have been tested in a environment which had around 3 Lakh principals like users, groups, enterprise application, etc.
It features an intuitive web-based user interface built with the Python Flask module for a better user experience.
Raunak Parmar is an information security professional whose areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He has 3+ years of experience in information security. Raunak holds OSWE certification and likes to research new attack methodologies and create open-source tools that can be used during Cloud Security assessments. He has worked extensively on Azure and AWS.
He is the author of Vajra an offensive cloud security tool and has spoken at multiple conferences like NullCon, Defcon, Blackhat, and local meetups.
Pull the image file from dockerhub
docker pull tr0uble1/vajra
Run Vajra with following and navigate to http://localhost
docker run -p 80:80 -d tr0uble1/vajra
Run the following command to install all the modules.
pip install -r requirements.txt
Once installed run the following to start the application.
python app.py
A detailed usage guide is available on Documentation section of the Wiki.
Please raise an issue if you encounter a bug or have a feature request.
If you want to contribute to a project and make it better, your help is very welcome.
SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…
The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…
The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…
The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…
AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…
Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…