-
-
Notifications
You must be signed in to change notification settings - Fork 158
Running with docker compose
- Install docker
- Install Docker Compose
- Minimum of 1 GB of RAM (Recommended more than 2 GB)
- Minimum storage of 12 GB
- A VPS is recommended
- git clone --recursive https://github.com/r3curs1v3-pr0xy/vajra.git
- Add API keys, tokens to GitDorker, CertEagel and Jsmon. (You can skip this for now)
- Edit .env file and change password and JWT Secret.
- Run
docker-compose up(Vajra will start on port 80)
After this, Vajra is ready to run :) You can visit your external IP if running on VPS to access Vajra.
Add target name and select types of scan to start scanning.
Note: If subdomain is included in any of the scan then make sure to find subdomains before including subdomains in scans.
For more guide on usage, follow this URL: https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8
After completing above steps, Vajra is ready to run but to make full use of its feature, some additional configuration is required. We need to setup telegram notification, subdomain monitor, javascript monitor and GitDorker.
-
Please follow the guide below if you are unsure of how to create a personal access token: https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token
-
It is recommended to provide GitDorker with at least two GitHub personal access tokens so that it may alternate between the two during the dorking process and reduce the likelihood of being rate limited. Using multiple tokens from separate GitHub accounts will provide the best results.
-
After getting tokens, follow the below instructions
$ cd ./tools/GitDorker/tf
$ nano TOTKENSFILE
paste the tokens there and save the file and exit nano
GitDorker tokens has been saved for manual github recon.
You need to set up your Telegram token in the Environment, You can follow this guide to get your Telegram Token. Link
-
After getting your token and chat id, Go to tools/jsmon directory
$ cd tools/jsmon -
Edit .env file and replace token and chat id that you've generated earlier.
$ nano .env
JSMON_NOTIFY_TELEGRAM=True
JSMON_TELEGRAM_TOKEN=15469xxxxx:AAGxaoaOvHhZ6Fvgxxxxxxx_xxxxxxxxUtc
JSMON_TELEGRAM_CHAT_ID=-4734xxxxx
We need to add telegram notification to get notified for any newly added subdomains.
- Go to ./tools/CertEagle/core directory.
$ cd ./tools/CertEagle/core/ - Edit config.py file and replace BOT_TOKEN and GROUP_ID with token that you generated earlier.
You can create another group for subdomain monitor bot token to keep everything seperate. (optional). Telegram bot is ready to work now.
Run the command: docker-compose build and docker-compose up again.
Everything has beed done now. The final step is to run CertEagle to monitor subdomains. For this we need to get shell inside docker instance.
- Run
docker-compose exec vajra bashin vajra directory. - Go to tools/CertEagle directory and run below commands.
cd ./tools/CertEagle
screen
python3 certeagle.py
This will run certeagle on another screen inside docker container. Press Ctrl + A and D respectively to exit screen.
- After this, the last step is to set cron to monitor javascript regularly. Run the command: crontab -e and add the following entry. @daily cd /app/tools/jsmon/ && python3 jsmon.py
Note: CouchDB is running on port 5984. So close this port from firewall if running on VPS to prevent from external access.
Visit the URL IP/login and use root:toor as username and password to login into panel
Subfinder will work after using the installation instructions however to configure Subfinder to work with certain services, you will need to have setup API keys.
Follow this official documentation of subfinder to add api keys.
https://github.com/projectdiscovery/subfinder#post-installation-instructions