https://github.com/TROUBLE-1/Vajra

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.
https://github.com/TROUBLE-1/Vajra

aws azure azuread cloudsecurity gcp python3 redteam-tools toolkit

Last synced: 4 months ago
JSON representation

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.

• Host: GitHub
• URL: https://github.com/TROUBLE-1/Vajra
• Owner: TROUBLE-1
• License: agpl-3.0
• Created: 2022-03-01T14:31:27.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-03-21T06:25:58.000Z (4 months ago)
• Last Synced: 2024-03-21T07:34:26.005Z (4 months ago)
• Topics: aws, azure, azuread, cloudsecurity, gcp, python3, redteam-tools, toolkit
• Language: CSS
• Homepage:
• Size: 15.3 MB
• Stars: 347
• Watchers: 11
• Forks: 59
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Lists

• awesome-cloud-security - 地址 - 1/Vajra) `由「Kfzz1」师傅补充，感谢支持` (0x02 工具 :hammer_and_wrench: / 1 云服务工具)

README

        


  Vajra - Your Weapon To Cloud 





  

    

  

  

    

  

  








  

    

  



## About Vajra

Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment. 

The term Vajra refers to the Weapon of God Indra in Indian mythology (God of Thunder & Storms). Its connection to the cloud makes it a perfect name for the tool.

Vajra presently supports Azure and AWS Cloud environments, with plans to add support for Google Cloud Platform and certain OSINT in the future.

**Following features are available at the moment:**

- Azure

  - Attacking

      1. OAuth Based Phishing (Illicit Consent Grant Attack)

          - Exfiltrate Data

          - Enumerate Environment

          - Deploy Backdoors

          - Send mails/Create Rules

      2. Password Spray

      3. Password Brute Force

  - Enumeration

      1. Users 

      2. Subdomain 

      3. Azure Ad

      4. Azure Services

  - Specific Service

      1. Storage Accounts

- AWS

  - Attacking(In progress)

      1. Under Development

  - Enumeration

      1. IAM Enumeration

      2. S3 Scanner

      3. Under Development

  - Misconfiguration

_**Note:** This tool have been tested in a environment which had around 3 Lakh principals like users, groups, enterprise application, etc._



  


  





  


  



It features an intuitive web-based user interface built with the Python Flask module for a better user experience.

# **About Author**

Raunak Parmar is an information security professional whose areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He has 3+ years of experience in information security. Raunak holds OSWE certification and likes to research new attack methodologies and create open-source tools that can be used during Cloud Security assessments. He has worked extensively on Azure and AWS.

He is the author of [Vajra](https://github.com/TROUBLE-1/Vajra) an offensive cloud security tool and has spoken at multiple conferences like NullCon, Defcon, Blackhat, and local meetups.



### **Social Media Links**

- Twitter: [https://twitter.com/trouble1\_raunak](https://twitter.com/trouble1_raunak)

- YouTube: [https://www.youtube.com/channel/UCkJ\_sEF8iUDXPCI3UL0DAcg](https://www.youtube.com/channel/UCkJ_sEF8iUDXPCI3UL0DAcg)

- Linkedin: [https://www.linkedin.com/in/trouble1raunak/](https://www.linkedin.com/in/trouble1raunak/)

- GitHub: [https://github.com/TROUBLE-1/](https://github.com/TROUBLE-1/)

# Installation

## Docker

Pull the image file from dockerhub

```

docker pull tr0uble1/vajra   

```

Run Vajra with following and navigate to http://localhost

```

docker run -p 80:80 -d tr0uble1/vajra

```

## Manually

Run the following command to install all the modules.

```

pip install -r requirements.txt

```

Once installed run the following to start the application.

```

python app.py

```

## How to use Vajra?

A detailed usage guide is available on [Documentation](https://github.com/TROUBLE-1/Vajra/wiki/Documentation) section of the Wiki.

## Bugs and Feature Requests

Please raise an issue if you encounter a bug or have a feature request.

## Contributing

If you want to contribute to a project and make it better, your help is very welcome.