{"id":13782608,"url":"https://github.com/TROUBLE-1/Vajra","last_synced_at":"2025-05-11T16:30:48.830Z","repository":{"id":38470220,"uuid":"464927527","full_name":"TROUBLE-1/Vajra","owner":"TROUBLE-1","description":"Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.","archived":false,"fork":false,"pushed_at":"2024-06-17T11:49:02.000Z","size":16063,"stargazers_count":358,"open_issues_count":0,"forks_count":60,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-08-03T18:16:40.788Z","etag":null,"topics":["aws","azure","azuread","cloudsecurity","gcp","python3","redteam-tools","toolkit"],"latest_commit_sha":null,"homepage":"","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TROUBLE-1.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-01T14:31:27.000Z","updated_at":"2024-07-29T15:20:44.000Z","dependencies_parsed_at":"2024-01-18T13:06:50.139Z","dependency_job_id":"324aaa26-76a1-4b94-840e-9ba0a2d4584a","html_url":"https://github.com/TROUBLE-1/Vajra","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TROUBLE-1%2FVajra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TROUBLE-1%2FVajra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TROUBLE-1%2FVajra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TROUBLE-1%2FVajra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TROUBLE-1","download_url":"https://codeload.github.com/TROUBLE-1/Vajra/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225068714,"owners_count":17416119,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","azuread","cloudsecurity","gcp","python3","redteam-tools","toolkit"],"created_at":"2024-08-03T18:01:39.977Z","updated_at":"2025-05-11T16:30:48.820Z","avatar_url":"https://github.com/TROUBLE-1.png","language":"CSS","funding_links":[],"categories":["0x02 工具 :hammer_and_wrench:","python3"],"sub_categories":["1 云服务工具"],"readme":"\u003ch1 align=\"center\"\u003e\n Vajra - Your Weapon To Cloud \n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"\"\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/toolswatch/badges/b3a921c9e9084018758752aacc9bd9ec95cd11f8/arsenal/europe/2021.svg\"\u003e\n \u003c/a\u003e\n \u003ca href=\"\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/License-AGPL_v3-blue.svg\"\u003e\n \u003c/a\u003e\n \n\u003c/p\u003e\n\n\n\u003cbr\u003e\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/TROUBLE-1/Vajra/\"\u003e\n \u003cimg src=\"https://media3.giphy.com/media/pZOMvUVfVKJWP05Kww/giphy.gif\" width=\"750\" \u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n\n\n## About Vajra\n\nVajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment. \n\nThe term Vajra refers to the Weapon of God Indra in Indian mythology (God of Thunder \u0026amp; Storms). Its connection to the cloud makes it a perfect name for the tool.\n\nVajra presently supports Azure and AWS Cloud environments, with plans to add support for Google Cloud Platform and certain OSINT in the future.\n\n**Following features are available at the moment:**\n\n- Azure\n - Attacking\n 1. OAuth Based Phishing (Illicit Consent Grant Attack)\n - Exfiltrate Data\n - Enumerate Environment\n - Deploy Backdoors\n - Send mails/Create Rules\n 2. Password Spray\n 3. Password Brute Force\n - Enumeration\n 1. Users \n 2. Subdomain \n 3. Azure Ad\n 4. Azure Services\n - Specific Service\n 1. Storage Accounts\n- AWS\n - Attacking(In progress)\n 1. Under Development\n - Enumeration\n 1. IAM Enumeration\n 2. S3 Scanner\n 3. Under Development\n - Misconfiguration\n\n_**Note:** This tool have been tested in a environment which had around 3 Lakh principals like users, groups, enterprise application, etc._\n\n\u003cspan align=\"center\"\u003e\n \u003cbr\u003e\n \u003cimg src=\"https://github.com/TROUBLE-1/Vajra/raw/main/images/dashboard.png\"\u003e\n\u003c/span\u003e\n\n\u003cspan align=\"center\"\u003e\n \u003cbr\u003e\n \u003cimg src=\"https://github.com/TROUBLE-1/Vajra/raw/main/images/aws-dashboard.png\"\u003e\n\u003c/span\u003e\n\nIt features an intuitive web-based user interface built with the Python Flask module for a better user experience.\n\n# **About Author**\n\nRaunak Parmar is an information security professional whose areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He has 3+ years of experience in information security. Raunak holds OSWE certification and likes to research new attack methodologies and create open-source tools that can be used during Cloud Security assessments. He has worked extensively on Azure and AWS.\n\nHe is the author of [Vajra](https://github.com/TROUBLE-1/Vajra) an offensive cloud security tool and has spoken at multiple conferences like NullCon, Defcon, Blackhat, and local meetups.\n\n\u003ca target=\"_blank\"\u003e\u003cimg alt=\"readme-stats\" src=\"https://github-readme-stats.vercel.app/api?username=trouble-1\u0026show_icons=true\u0026theme=vue-dark\"/\u003e\u003c/a\u003e\n\n### **Social Media Links**\n\n- Twitter: [https://twitter.com/trouble1\\_raunak](https://twitter.com/trouble1_raunak)\n- YouTube: [https://www.youtube.com/channel/UCkJ\\_sEF8iUDXPCI3UL0DAcg](https://www.youtube.com/channel/UCkJ_sEF8iUDXPCI3UL0DAcg)\n- Linkedin: [https://www.linkedin.com/in/trouble1raunak/](https://www.linkedin.com/in/trouble1raunak/)\n- GitHub: [https://github.com/TROUBLE-1/](https://github.com/TROUBLE-1/)\n\n\n\n\n# Installation\n\u003c!--\nInstall postgres database with credential postgres/postgres and create a database name vajra. If postgres is not installed then by default sqlite will be used.\n---\u003e\n\u003c!--\n## Docker\n\nPull the image file from dockerhub\n```\ndocker pull tr0uble1/vajra \n```\nRun Vajra with following and navigate to http://localhost\n```\ndocker run -p 80:80 -d tr0uble1/vajra\n```\n--\u003e\n## Manually\n\nRun the following command to install all the modules.\n\n```\npip install -r requirements.txt\n```\nOnce installed run the following to start the application.\n\n```\npython app.py\n```\n\n\n## How to use Vajra?\n\nA detailed usage guide is available on [Documentation](https://github.com/TROUBLE-1/Vajra/wiki/Documentation) section of the Wiki.\n\n## Bugs and Feature Requests\n\nPlease raise an issue if you encounter a bug or have a feature request.\n\n## Contributing\n\nIf you want to contribute to a project and make it better, your help is very welcome.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTROUBLE-1%2FVajra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTROUBLE-1%2FVajra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTROUBLE-1%2FVajra/lists"}