Cyber security

Vajra – Your Weapon To Cloud

About Vajra

Vajra is a tool with a graphical user interface that can be used to attack and look around in the Azure environment of a target.

In Indian folklore, Vajra is the name of the weapon of the god of thunder and storms, Indra. Because it works with the cloud, it’s a great name for the tool.

Vajra currently works with Azure and AWS Cloud environments. In the future, it will also work with Google Cloud Platform and some OSINT environments.

Following features are available at the moment:

  • Azure
    • Attacking
      1. OAuth Based Phishing (Illicit Consent Grant Attack)
        • Exfiltrate Data
        • Enumerate Environment
        • Deploy Backdoors
        • Send mails/Create Rules
      2. Password Spray
      3. Password Brute Force
    • Enumeration
      1. Users
      2. Subdomain
      3. Azure Ad
      4. Azure Services
    • Specific Service
      1. Storage Accounts
  • AWS
    • Attacking(In progress)
      1. Under Development
    • Enumeration
      1. IAM Enumeration
      2. S3 Scanner
      3. Under Development
    • Misconfiguration

Note: This tool have been tested in a environment which had around 3 Lakh principals like users, groups, enterprise application, etc.

It features an intuitive web-based user interface built with the Python Flask module for a better user experience.

About Author

Raunak Parmar is an information security professional whose areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He has 3+ years of experience in information security. Raunak holds OSWE certification and likes to research new attack methodologies and create open-source tools that can be used during Cloud Security assessments. He has worked extensively on Azure and AWS.

He is the author of Vajra an offensive cloud security tool and has spoken at multiple conferences like NullCon, Defcon, Blackhat, and local meetups.

Social Media Links

Installation

Docker

Pull the image file from dockerhub

docker pull tr0uble1/vajra   

Run Vajra with following and navigate to http://localhost

docker run -p 80:80 -d tr0uble1/vajra

Manually

Run the following command to install all the modules.

pip install -r requirements.txt

Once installed run the following to start the application.

python app.py

How to use Vajra?

A detailed usage guide is available on Documentation section of the Wiki.

Bugs and Feature Requests

Please raise an issue if you encounter a bug or have a feature request.

Contributing

If you want to contribute to a project and make it better, your help is very welcome.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

7 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

7 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago