分布式信息收集扫描工具框架,一键创建云上多实例分布式扫描。github:https://github.com/pry0cc/axiom/
官网上提供了四种方式,分别是Docker、Easy Install、Using Git Clone、Manual
(资料图片仅供参考)
我喜欢使用Git CLone的方式(可以在本地搭建也可以在VPS上搭建):
Ensure that ~/.axiom/ does not exist
rm -rf ~/.axiom/
Clone the axiom repository
git clone https://github.com/pry0cc/axiom ~/.axiom/
Run configure script
$HOME/.axiom/interact/axiom-configure
执行axiom-configure会自动安装依赖,需要填入云平台的key(这里支持多个云平台,我选择的AWS)
填入key和secret后再选择region,填写需要创建的镜像类型(如果是结合reconftw使用,就选择reconftw,常规保持默认default)
We currently offerthreedifferent base provisioner files, and 2 custom provisioner file to build images.
- Defaultis our latest iteration of axiom provisioners. It comes with all tools installed and has been optimized for readability. Recommended for axiom-fleet.
- ReconFTWprovisioner includes all tools in ReconFTW and works with most modules. Recommended for ReconFTW.
- Barebonesis our decently secure base install, comes with Docker, Go-lang, Interlace and nmap installed. Recommended for templating.
Custom Images:
- Classicprovisioner works with most modules and was the first iteration of axiom provisioner files.
- Lightprovisioner comes with zsh and a few other minor adjustments over the barebones provisioner.
之后就会自动在你所在的云平台创建image(之后分布式任务都是基于该image镜像,从image创建多个实例然后分布式的跑任务)
在安装成功后,基本如下这样:
Your build completed successfully in xx minutes! You should run axiom-update && axiom-build weekly to get the latest and greatest updates! To initialize an instance, run axiom-initYou may need to restart your shell: /usr/bin/bash
然后重启下shell,尝试axiom-init
创建一个实例,如果可以成功创建,会出现以下回显:
Initializing "gates22" at "us-west-2" with image "axiom-default-1681197876"INITIALIZING IN 5 SECONDS, CTRL+C to quit... Initialized instance "gates22" at "54.202.75.136"!To connect, run "axiom-ssh gates22" or "axiom-connect"
然后就可以使用axiom-ssh gates22
or axiom-connect
进行ssh连接:
ubuntu@ip-172-26-12-147:~/.axiom$ axiom-connect The authenticity of host "[54.202.75.136]:2266 ([54.202.75.136]:2266)" can"t be established.ECDSA key fingerprint is SHA256:7Jwl55zMmk0RVuTaFpVkcXh0avGNSvUpK1J8zEc/GXo.Are you sure you want to continue connecting (yes/no/[fingerprint])? yesWarning: Permanently added "[54.202.75.136]:2266" (ECDSA) to the list of known hosts. ▄▄▄ ▒██ ██▒ ██▓ ▒█████ ███▄ ▄███▓▒████▄ ▒▒ █ █ ▒░▓██▒▒██▒ ██▒▓██▒▀█▀ ██▒▒██ ▀█▄ ░░ █ ░▒██▒▒██░ ██▒▓██ ▓██░░██▄▄▄▄██ ░ █ █ ▒ ░██░▒██ ██░▒██ ▒██ ▓█ ▓██▒▒██▒ ▒██▒░██░░ ████▓▒░▒██▒ ░██▒ ▒▒ ▓▒█░▒▒ ░ ░▓ ░░▓ ░ ▒░▒░▒░ ░ ▒░ ░ ░ ▒ ▒▒ ░░░ ░▒ ░ ▒ ░ ░ ▒ ▒░ ░ ░ ░Public IP: 54.202.75.136 - Instance: ip-172-31-22-71
这样就表示已经安装好了。
管理镜像、快照
axiom-images ls # List available imagesaxiom-images use # Replace image used for axiom-init/axiom-fleet with user provided image name axiom-images rm # Delete image by name
初始化一个实例
axiom-init # Initaxiom-init --deploy --restore # Init & deploy& restore #Note: profile argument is file name is without .json
列出当前运行的实例
axiom-ls
在实例上运行命令
axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf) axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok axiom-exec "sudo apt dist-upgrade -y" -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)
通过ssh连接到实例
axiom-connect #automatically connects to list initialized instanceaxiom-connect axiom-ssh axiom-ssh --tmux # 使用该参数,结合ctrl+a d 可以实现退出ssh窗口但会话依然运行axiom-ssh -m -t # Connect with mosh and attach to tmux sessionaxiom-ssh -m -t main-15axiom-ssh -L 8080:127.0.0.1:8080 -D 4040 #All additional SSH args are passed to SSHaxiom-ssh --cache #Don"t generate ssh config, just connect with cacheaxiom-ssh --just-generate # Generate an SSH config at ~/.axiom/.sshconfig
将一个初始化的实例备份到云端
删除一个或多个实例
axiom-rm # Delete box by specifying the nameaxiom-rm -f # Forcibly delete box by specifying theaxiom-rm \* # Delete all instances that start with . You must escape the asterisk. axiom-rm \* -f # Forcibly delete all instances that start with . You must escape the asterisk. axiom-rm "\*" # Delete all instances on the account. Must be wrapped in single quote and escape the asterisk. axiom-rm "\*" -f # Forcibly delete all instances on the account. Must be wrapped in single quote and escape the asterisk.
实例/集群 开启/关闭/重启
axiom-power on "rez\*" # Power on all instances in fleet named rezaxiom-power off "rez\*" # Power off rez fleetaxiom-power reboot "rez\*" # Reboot rez fleet
列出所有备份box
axiom-boxes ls # List boxesaxiom-boxes ls --archive # List archived boxesaxiom-boxes new # Create a blank box backupaxiom-boxes rm # Delete a box backup axiom-boxes archive # Archive a box (tarball & gpg -e)axiom-boxes unarchive # Unarchive (from ~/.axiom/archives/), gpg decryptsaxiom-boxes get pry0cc/lazy # Get a box from github, username/repo
切换到新的region
axiom-region ls # lists regionsaxiom-region select # select regionaxiom-region select ams2
设置新账号和切换账号
axiom-account-setup # Setup a new accountaxiom-account # No args, list available accountsaxiom-account #Select/Switch to the specified account
双向复制文件
$name
必须使用单引号)axiom-scp "myfleet*":/home/op/myfile.txt "~/local/folder/$name.txt"
$name
必须使用单引号)axiom-scp "myfleet*":/home/op/myfile/ "~/local/folder/$name"
axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt "~/local/folder/myfile-from-myfleet05.txt"
axiom-scp myfile.txt "myfleet*":/home/op/myfile.txt
axiom-scp mytemplates/ "myfleet*":/home/op/custom-templates
axiom-select ""axiom-select "testy*" # Testy is an example of a fleetaxiom-deploy openvpn "" # Install openvpn against host or fleetaxiom-deploy covenant "" # Install covenant
axiom-select . axiom-docker # Not a typo, the . means sourcedocker ps
连接到在axiom部署的openVPN
axiom-vpn
使用ssh隧道搭建socks代理,本地端口5000-50100之间,会在当前目录生成一个proxychains.conf配置文件。
axiom-proxy "*"axiom-proxy ""axiom-proxy "testy*"proxychains4 curl -s ipinfo.io
仅支持Digital Ocean VPS,创建一个DNS A记录
axiom-dns ls # List domainsaxiom-dns ls # List records for domainaxiom-dns add axiom-dns add cisco navisec.xyz 167.71.89.136 # Example, this will create a record cisco.navisec.xyz pointing to 167.71.89.136
初始化一个集群
axiom-fleet -i 13 # Initialize a fleet, name it randomlyaxiom-fleet testy -i 8 # Initialize a fleet named "testy", instances will be named, testy01, test02 etcaxiom-fleet testy -i 10 --regions nyc1,lon1,ams3,fra1 # Initialize a fleet using round-robin region distribution
集群扫描
axiom-select "fleet*" # fleets should be already selected, but just in case, select can be a good idea# Formataxiom-scan -m -o # Examplesaxiom-scan subs.txt -m httpx -o http.txt #httpx moduleaxiom-scan http.txt -m nuclei -o nuclei.txt # nuclei module, find vulnsaxiom-scan http.txt -m gowitness -o screenshots # gowitness, take screenshotsaxiom-scan subs.txt -m dnsprobe -o dns.txt # Run dnsprobeaxiom-scan ips.txt -m nmap -oG portscan.txt #nmapaxiom-scan ips.txt -m nmap -oX portscan # Will create both portscan.xml & portscan.htmlaxiom-scan ips.txt -m nmap -oX full -p- -T5 -sV --script=vulners #Will create full.xml, will pass all args to nmap commandaxiom-scan ips.txt -m masscan -oG masscan.txt #Run masscan
Description: Spin up fleets of axiom instances in one or multiple regions. Specify the name of your fleet (fleet prefix) or have axiom choose for you.Examples: axiom-fleet # Spin up three instances, let axiom decide on the fleet prefix axiom-fleet javis -i 10 # Spin up 10 instances with fleet prefix javis from javis01 to javis10 axiom-fleet jerry -i 25 --regions nyc1,lon1,ams3,fra1 # Spin up 25 instances using Round-robin region distributionUsage: -i/--instances The number of instances to spin up -r/--regions (optional) Supply comma-separated regions to cycle through (default is region in ~/.axiom/axiom.json) --help (optional) Display this help menu
一对多:一个包含多个目标的文件被拆分到集群各个实例中进行工作。多对一:集群多个实例对同一目标进行分布式工作(将字典拆分后同时进行)
举例说明:puredns-bruteforce模块如下:
[{ "command":"/home/op/go/bin/puredns bruteforce /home/op/lists/seclist/Discovery/DNS/dns-Jhaddix.txt --domains input --resolvers /home/op/lists/resolvers.txt | tee output", "ext":"txt"}]
这里targets.txt就会进行拆分和上传到各个实例,并在命令中替代到input位置
axiom-scan targets.txt -m puredns-bruteforce -o result.txt
puredns-bruteforce模块如下:
[{ "command":"/home/op/go/bin/puredns bruteforce input tesla.com --resolvers /home/op/lists/resolvers.txt | tee output", "ext":"txt"}]
可见相比之前对module进行了修改,input位置是字典文件,目标则硬编码到module中。
axiom-scan bitquark-subdomains-top100000.txt -m puredns-single -o my-horizontal-results
也可以不将目标硬编码到module,如下:
[{ "command":"/home/op/go/bin/puredns bruteforce input --resolvers /home/op/lists/resolvers.txt | tee output", "ext":"txt"}]
axiom-scan bitquark-subdomains-top100000.txt -m puredns-single tesla.com -o myoutput.txt
这里,tesla.com目标作为额外参数,传入命令中了。
axiom-scan
_ ____ __ __(_)___ ____ ___ ______________ _____ / __ `/ |/_/ / __ \/ __ `__ \______/ ___/ ___/ __ `/ __ \ / /_/ /> / /_/ / / / / / /_____(__ ) /__/ /_/ / / / / \__,_/_/|_/_/\____/_/ /_/ /_/ /____/\___/\__,_/_/ /_/ @pry0cc & @0xtavian axiom-scan provides easy distribution of arbitrary binaries and scripts.axiom-scan splits user-provided input files (target lists), wordlists and configuration files and uploads them to a unique scan working directory on the remote instance.axiom-scan combines user-provided command-line arguments with commands in the module and executes the final command on the remote instance.axiom-scan downloads and merges scan output in a variety of differnet formats, specified by the extention in the module (dir, txt, csv, xml).individual scanning operations are executed from a detacted tmux session (\$module+\$timestamp) inside a unique scan working directory (/home/op/scan/\$module+\$timestamp) on the remote instances.Usage: axiom-scan inputfile.txt -m ffuf -w /home/op/wordlist-on-remote-instance axiom-scan inputfile.txt -m ffuf -wL /home/localuser/local-wordlist-to-upload axiom-scan inputfile.txt -m ffuf -wD /home/localuser/local-wordlist-to-split-and-upload axiom-scan inputfile.txt -m nuclei -w /home/op/nuclei-templates -o outputfile.txt axiom-scan inputfile.txt -m nuclei --nuclei-templates /home/localuser/local-custom-nuclei-template-folder/ -anew outputfile.txt axiom-scan inputfile.txt -m gowitness --spinup 10 -oD gowitness-screenshots axiom-scan inputfile.txt -m nmapx -p- -sV -T4 -v --open -oA nampx-scanFlags:INPUT: string[] required positional first argument must always be an input file, this can be a list of URLs, IPs, hostnames, etc --dont-split do not split input file, upload entire input file to every instance (default is to split the input file) --dont-shuffle do not randomize input file before uploading (default is to randomize)MODULE: -m string[] the axiom-scan module to use with the scan --list print all available modulesWORDLIST: -w string[] replace _wordlist_ in module with user-provided wordlist (must be a path to a remote wordlist) -wL string[] replace _wordlist_ in module with user-provided local wordlist ( must be a path to a local wordlist) -wD,--distribute-wordlist string[] replace _wordlist_ in module with user-provided local wordlist to split and upload (default does not split the wordlist) --nuclei-templates string[] replace _wordlist_ in module with user-provided local folderCONFIGURATIONS: --config string[] replace _config_ in module with user-provided configuration file (must be a configuration file on the remote instances) --local-config string[] replace _config_ in module with user-provided local configuration file to upload ( must be a local configuration file)OPTIMIZATIONS: --skip-preflight do not automatically remove instances that cant be reached (default removes instances from the queue that cant be reached) --preflight-timeout int[] specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default 10 seconds --max-runtime DURATION[] kill scan if still running after DURATION. DURATION is a floating point number with an optional suffix: "s" for seconds (the default), "m" for minutes, "h" for hours or "d" for days. --disable-oneshot by default, if a module contains the string _target_ it is executed as a one-shot module. Use this flag to force disableOUTPUT: -o string[] output as default (the first ext mentioned in the module) -oD/-oA string[] output as directory (must also be supplied in the module using "ext":"dir" or "ext":"") -oX string[] output as XML/HTML (supported for nmap and masscan)(must also be supplied in the module using "ext":"xml") -oG string[] output as greppable, merge and sort unique (must also be supplied in the module using "ext":"oG") -csv string [] output as csv, extract csv header, merge and sort unique (must also be supplied in the module using "ext":"csv") -anew string[] pipe the output to anew before creating the final output file --quiet do not display findings to terminal --rm-logs delete remote and local logs after scan completesFLEET: --fleet string[] supply fleet prefix to use (default uses instances in $HOME/.axiom/selected.conf) --spinup int[] number of instances to spin up prior to scanning (default uses instances in $HOME/.axiom/selected.conf) --rm-when-done delete the selected instances after the scan completes --shutdown-when-done shutdown the selected instance after the scan completes -F string[] path to custom SSH config file (default is located at $HOME/.axiom/.sshconfig) --cache do not regenerate SSH config prior to scan, instead use cached config (located at $HOME/.axiom/.sshconfig)DEBUG: --debug run with set -xv, warning: very verboseEXTRA ARGS: string[] supply additional arguments to be passed to the module
# 获取子域名axiom-scan roots.txt -m subfinder -o subs.txt --threads 3# 通过子域名解析IPaxiom-scan subs.txt -m dnsx -resp -o dns.txt # 提取IPcat dns.txt | awk "{ print $2 }" | anew ips.txt# 去除掉CloudFlare的IPcat ips.txt | cf-check > ips.txt# 端口扫描axiom-scan ips.txt -m masscan -oX masscan.xml -rate=100000axiom-scan ips.txt -m nmap -oG nmap.txt -T4 -p- -sVaxiom-scan ips.txt -m nmap -oX nmap.xml -T4 -p- -sV# 解析nmap.xml,输出为ip:hostports.py nmap.xml | anew hosts.txt# httpx发送http请求测试存活axiom-scan hosts.txt -m httpx -o http.txt# web截图axiom-scan http.txt -m gowitness -o screenshots# 扫目录axiom-scan http.txt -m ffuf -o content.csv --threads 2
使用masscan扫描
axiom-scan ips.txt -m masscan -p80,443 -o masscan.txt
提供给axom-scan的任何参数都会自动传递给底层命令,比如:
axiom-scan ips.txt -m masscan -p80,443,8080 --rate=100000 --banners -o masscan-banners-fast.txt
一旦你有了一个集群,并且选择了它(axiom-select),你就可以使用axiom-scan。axiom-scan是一个工具,允许你在你的集群中执行类似扫描的操作。它至少需要一个参数,这个参数应该是一个可以在本地目录下访问的输入文件,其中有一个目标列表。
你的输入文件中的内容取决于你要运行的扫描的类型。您可以通过使用不同的axom-scan模块来修改扫描行为,这些模块位于~/.axom/modules/,是详细说明扫描行为的简单JSON文件。
你可以使用-m
axiom-scan domains.txt -m subfinder -o subf.txt --threads 1
假设你的域名列表大于你的集群中的实例数量,它将把域名拆开,无论你在一个集群中有多少个实例。如果你有3个实例,它将把你的infile拆成3个并全部上传。
一旦上传,它将运行你的模块代码,下载输出,然后分类并将输出合并到一个单一的输出文件。
axiom-scan subsf.txt -m httpx -o http.txt
使用上述命令,我们可以对我们的子域运行httpx,并得到一个URLS的列表。
分布式信息收集扫描工具框架,一键创建云上多实例分布式扫描。githu...
4月15日,A股上市公司华丰股份发布2022年全年业绩报告。其中,净利...
证券时报e公司讯,据商务部网站,2023年4月11日,美国Ouster,Inc ...
证券时报e公司讯,仕净科技4月14日晚间公告,近日,公司与长江医药...
生意社获悉,4月14日,山东昌邑石化有限公司加氢石脑油自提报价8053...
华南地区醋酸市场整理上行,出厂价报3100元 吨左右自提,原料甲醇...
4月14日,张家港保税区泛亚国际贸易有限公司TDI价格上调,科思创上...
4月14日,生意社丁二烯基准价为8384 44元 吨,与本月初(8551 11...
4月14日,生意社聚合MDI基准价为15080 00元 吨,与本月初(15860 ...
4月14日,常熟市鸿嘉氟科技有限公司冰晶石报价平稳,合成冰晶石价格...
4月14日,生意社1,4-丁二醇基准价为10800 00元 吨,与本月初(1050...
中证网讯(记者张鹏飞)4月14日,北交所公司海能未来技术集团股份有限...
同花顺F10数据显示,2023年4月14日冰轮环境(000811)新增“一季报...
步步高(002251)04月12日在投资者关系平台上答复了投资者关心的问题。
伴随着技术突破和国产替代,国内半导体设备厂商在2022年普遍取得了...
宁夏建材(600449)04月14日在投资者关系平台上答复了投资者关心的问题。
4月以来,场内776只交易型开放式指数基金(ETF)份额整体减少超91 81...
卧室的隔音效果如果不好,不仅会影响到晚上睡眠质量,家里稍微有点...
政策给力,销路拓宽,农民种粮底气更足春耕春管时节,河南省安阳市...
格隆汇4月14日丨摩根士丹利发表研究报告指,预计腾讯上季收入及非通...
同花顺(300033)金融研究中心4月14日讯,有投资者向国能日新(3011...
证券时报e公司讯,三生国健4月14日晚间公告,重组抗IL-4Rα人源化单...
同花顺(300033)金融研究中心4月14日讯,有投资者向一汽解放(0008...
格隆汇4月14日丨中国重汽尾盘涨超6%,现报11 72港元,总市值323 6...
中新网南宁4月14日电 题:综述:广西为残疾人就业“铺路搭桥” “...
交易商品牌 产地交货地最新报价环戊烷 99 7%一级品潍坊义信化工...
交易商品牌 产地交货地最新报价瓜尔胶羟丙基三甲基氯化铵 食品级...
交易商品牌 产地交货地最新报价六水氯化铝 铝含量≥95山东锦礼化...
交易商品牌 产地交货地最新报价COD去除剂非屏蔽剂 含量99%山东科...
交易商品牌 产地交货地最新报价亚麻油 99 9%山东蓝仕新材料有限...
X 关闭
X 关闭