-
-
Notifications
You must be signed in to change notification settings - Fork 643
Filesystem Utilities
Octavian edited this page Mar 16, 2022
·
23 revisions
Filesystem utilities to help you interact with axiom instances!
Setup and configure the axiom controller and validate cloud account 💻
axiom-configure usage
▄▄▄ ▒██ ██▒ ██▓ ▒█████ ███▄ ▄███▓
▒████▄ ▒▒ █ █ ▒░▓██▒▒██▒ ██▒▓██▒▀█▀ ██▒
▒██ ▀█▄ ░░ █ ░▒██▒▒██░ ██▒▓██ ▓██░
░██▄▄▄▄██ ░ █ █ ▒ ░██░▒██ ██░▒██ ▒██
▓█ ▓██▒▒██▒ ▒██▒░██░░ ████▓▒░▒██▒ ░██▒
▒▒ ▓▒█░▒▒ ░ ░▓ ░░▓ ░ ▒░▒░▒░ ░ ▒░ ░ ░
▒ ▒▒ ░░░ ░▒ ░ ▒ ░ ░ ▒ ▒░ ░ ░ ░
░ ▒ ░ ░ ▒ ░░ ░ ░ ▒ ░ ░
░ ░ ░ ░ ░ ░ ░ ░
The Dynamic Infrastructure Framework for Everybody - @pry0cc & @0xtavian
We are lucky enough to be sponsored by the awesome SecurityTrails!
Sign up for your free account here! https://securitytrails.com/app/account?utm_source=axiom
Description:
Examples:
axiom-configure # kick off axiom configuration wizard
axiom-configure --shell Zsh # Set default shell to Zsh via command line
axiom-configure --config <axiom.json config data> # Use plaintext axiom.json data for account setup TODO: support axiom.json as a file
axiom-configure --shell BASH --unattended --config <axiom.json config data> # Use bash for default shell, do not promot, use plaintext axiom.json data for account setup
Usage:
--config <axiom.json data>
Setup account with data supplied from the command line (must be vaild data from axiom.json wrapped in single quotes)
--unattended (optional)
Avoid any promots, defaults to Oh My Zsh unless --shell argument is also provided
--shell <Bash, Zsh, OMZ (Oh My Zsh)> (optional)
Choose bash/zsh to add axiom to .bashrc/.zshrc. OMZ installs Oh My Zsh and overwrites .zshrc
--help
Display this help menu
axiom-configure
You can provide your config inline or after running axiom-configure.
axiom-configure --shell bash --unattended --config { "do_key": "[redacted]", "region": "nyc1", "provider": "do", "default_size": "s-1vcpu-1gb", "appliance_name": "", "appliance_key": "", "appliance_url": "", "email": "", "op": "[redacted]", "imageid": "axiom-default-myimageid", "provisioner": "default", "sshkey": "id_rsa" }
To get your account.json config file in this format run:
cat ~/.axiom/accounts/do.json | tr '\n' ' ' | tr -s ' '
Pick a Packer provisioner 🐣
You must run axiom-configure before anything else. This creates your axiom.json file which is required by other commands.
axiom-build default
You can provide your provisioner inline or after running axiom-build.
We currently offer three different base provisioner files, and 2 custom provisioner file to build images.
- Default is our latest iteration of axiom provisioners. It comes with all tools installed and has been optimized for readability. Recommended for axiom-fleet.
- ReconFTW provisioner includes all tools in ReconFTW and works with most modules. Recommended for ReconFTW.
- Barebones is our decently secure base install, comes with Docker, Go-lang, Interlace and nmap installed. Recommended for templating.
Custom Images:
- If you want to bring-your-own Packer JSON provisioner, select custom. Make sure your packer json is placed in ~/.axiom/images/provisioners
Manage images/snapshots with axiom-images 💿
axiom-images usage
Examples: axiom-images ls && axiom-images rm axiom-barebones-1634682130 && axiom-images use axiom-default-1634682131
Usage:
ls List snapshots created
get Display info about the current image
use | set Use snapshot for axiom-init/axiom-fleet
rm Remove snapshot from account
help | --help | -h Print this help menu
axiom-images ls # List available images
axiom-images use <image name> # Replace image used for axiom-init/axiom-fleet with user provided image name
axiom-images rm <image name> # Delete image by nameInitialize a single instance 🌱
axiom-init usage
Description:
Initialize one axiom instance with differnet options, such as image, region, size and axiom deployment profile
Examples:
axiom-init # provision instance with random name
axiom-init --deploy desktop # provision instance with random name, then deploy axiom profile 'desktop'
axiom-init testy01 # provision instance named testy01
axiom-init stok01 --region nyc3 --image axiom-barebones-1635920849 --size s-1vcpu-2gb --deploy desktop --shell
Usage:
<name> string (optional)
Name of the instance, supplied as a positional first argument
--image <image name>
Manually set the image to use (default is imageid in ~/.axiom/axiom.json)
--region <region>
User specified region to use (default is region in ~/.axiom/axiom.json)
--deploy <profile>
Deploy a profile after initialization (e.g desktop, openvpn, bbrf, wireguard)
--shell (optional)
Connect to instance after initialization
--size <vm size>
VM size to use (default is size in ~/.axiom/account/account.json)
--no-select (optional)
Dont select instance after initialization (default is to select instance)
--domain <example.com>
Manually specify the domain to use (default is specified by cloud provider)
--restore <backup>
Initialize with a previous backup
--help
Display this help menu
axiom-init <name> # Init
axiom-init <name> --deploy=<profile> --restore=<box> # Init & deploy & restore
#Note: profile argument is file name is without .jsonthe
--deployoption allows you to deploy a profile (stored in~/.axiom/profiles/).--restorewill restore a profile. These options can be used together.
Execute a command against an Instance 🤖
axiom-exec usage
Description:
Evaluate shell one-liners or execute single commands on one or more instances in parallel
Expand local and remote environment variables respectively
Specify the fleet prefix, or let axiom use selected.conf by default (located in ~/.axiom/selected.conf)
Optionally execute command(s) in a detached tmux session on the remote instances (commands run in the background)
Temporarily prevent axiom's SSH key regeneration and instead connect with a cached SSH config (default is ~/.axiom/.sshconfig)
Examples:
axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)
Usage:
<commands> required string
Command(s) to run on the remote axiom instances, multiple commands can be wrapped in single or double quotes, but not required
-f/--fleet <fleet prefix>
Fleet prefix to execute on (default is ~/.axiom/selected.conf). Automatic wildcard support
-i/--instance <instance name>
Single instance to execute on
--tmux <optional tmux session name>
Execute commands in a detacted tmux session (commands run in the background). The default tmux session name is axiom-exec+$TIMESTAMP, or supply a custom tmux session name
--sshconfig <sshconfig_file> (optional string)
Path to axiom's SSH config (default is ~/.axiom/.sshconfig)
-q/--quiet
Disable progress bar, and reduce verbosity
--debug
Enable debug mode (VERY VERBOSE!)
--cache
Temporarily do not generate SSH config and instead connect with cached SSH config
--logs
Do not delete logs (logs will be stored in ~/.axiom/logs/exec/axiom-exec$TIMESTAMP)
--help
Display this help menu
axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)Connect to an instance - axiom-ssh or axiom-connect 🔗
axiom-ssh usage
Description:
axiom-ssh dynamically generates axiom's SSH config based on your cloud inventory.
axiom-ssh allows you to connect to your axiom instances over their public or private network interface.
axiom-ssh can drop you right into a freshly created tmux session on the remote instance, and can be used to
attach to a preexisting tmux session.
All additional SSH args are passed to SSH.
Examples:
axiom-ssh testy01 # SSH into instance testy01
axiom-ssh testy01 --tmux mysession1 # SSH into instance testy01 and spawn or attach to session named mysession1
axiom-ssh --just-generate # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with public Ip details
axiom-ssh --just-generate private # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with private Ip details
axiom-ssh --just-generate cache # Never regenerate axiom's ssh config
axiom-ssh testy01 -L 8080:127.0.0.1:8080 -D 4040 # Port-forward 8080 to local port 8080 and dynamically port foward port 4040 to testy01
Usage:
<instance name> required string
Instance name supplied as a positional first argument
--mosh/-m <instance name> (optional)
Connect with mosh
--just_generate <public, private, cache> (optional)
Specify when to generate the SSH config file and what IPs to use. Options are public, private, cache ( default is public )
--tmux <tmux session name to create>
Connect to your instance and start new tmux session. If you dont include a session name one will be chosen automatically for you
--tmux-attach/-t <tmux session> (optional)
Connect to your instance and attach to tmux session by name
--cache (optional)
Temporarily do not generate SSH config and instead connect with cached SSH config
--help (optional)
Display this help menu
<additional args>
All additional SSH args are passed to SSH. If you want additional arguments supplied to your command, simply append them to the command
example: axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040
axiom-connect #automatically connects to list initialized instance
axiom-connect <name>
axiom-ssh <name> <ssh args>
axiom-ssh <name> --tmux
axiom-ssh <name> -m -t=<tmux session> # Connect with mosh and attach to tmux session
axiom-ssh <name> -m -t=main-15
axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040 # All additional SSH args are passed to SSH
axiom-ssh <name> --cache # Don't generate ssh config, just connect with cache
axiom-ssh --just-generate # Will populate the SSH config at ~/.axiom/.sshconfig with public IPs instances on the account
axiom-ssh --just-generate private # Will populate the SSH config at ~/.axiom/.sshconfig with private IPs instances on the account
axiom-ssh --just-generate cache # Will permanently avoid regenerating the SSH configs. To revert run: axiom-ssh --just-generate public or just axiom-ssh --just-generateBackup an initialized instance to the cloud 🧳 axiom-backup
> After running axiom-init you can set up config files, unique wordlists, private tools etc, take a snapshot of that image and use it to deploy future axiom instances/fleets.
---
# axiom-sync
**Backup the home directory of an initialized instance to the local filesystem** :arrows_counterclockwise:
```bash
axiom-sync instance01This allows you to download a copy of everything in an axiom instance to the local filesystem
Power on, off and reboot instances and fleets with axiom-power. 🔌
axiom-power usage
Usage: axiom-power on 'rez\*' #turns on instances starting with 'rez'
axiom-power off '\*' #turns off all instances
Examples:
on Power on instance by instance name
off Power off instance by instance name
reboot Reboot instance by instance name
help | --help | -h Print this help menu
axiom-power on 'rez\*' # Power on all instances in fleet named rez
axiom-power off 'rez\*' # Power off rez fleet
axiom-power reboot 'rez\*' # Reboot rez fleet
Remove one or more axiom instances ❌
axiom-rm <name> # Delete box by specifying the name
axiom-rm <name> -f # Forcibly delete box by specifying the
axiom-rm <name>\* # Delete all instances that start with <name>. You must escape the asterisk.
axiom-rm <name>\* -f # Forcibly delete all instances that start with <name>. You must escape the asterisk.
axiom-rm '\*' # Delete all instances on the account. Must be wrapped in single quote and escape the asterisk.
axiom-rm '\*' -f # Forcibly delete all instances on the account. Must be wrapped in single quote and escape the asterisk.
List all box backups 🧠
axiom-boxes ls # List boxes
axiom-boxes ls --archive # List archived boxes
axiom-boxes new <box> # Create a blank box backup
axiom-boxes rm <box> # Delete a box backup
axiom-boxes archive <box> # Archive a box (tarball & gpg -e)
axiom-boxes unarchive <box> # Unarchive (from ~/.axiom/archives/), gpg decrypts
axiom-boxes get pry0cc/lazy # Get a box from github, username/repoUsing the archive option will convert the box to a tarball and encrypt using the email specified in your account
~/.axiom/accounts/*.json
Switch to a new region 🧭
axiom-region ls # lists regions
axiom-region select <region> # select region
axiom-region select ams2Manage user accounts 📛
axiom-account-setup # Setup a new account
axiom-account # No args, list available accounts
axiom-account <account> # Select/Switch to the specified accountCopy files to and from hosts
axiom-scp usage
--cache (optional)
Do not regenerate SSH config
-F (string)
Path of custom SSH config file to use
Example Usage: axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt' --cache
Copy a remote file from all instances in myfleet to local folder. Do no generate SSH config
$name must be wrapped single quotes. $name is a required literal string and gets interpolated from the instance name.
Example Usage: axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt'
Copy a remote file from one instance 'myfleet05' to a local file
Example Usage: axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt
Copy a local file to all instances in myfleet
Example Usage: axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates
Copy a local folder to all instances in myfleet
Copy a remote file from all instances in myfleet to local file.
'$name'must be wrapped single quotes.'$name'is a required literal string and gets interpolated from the instance name.
axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt'
Copy a remote folder from all instances in myfleet to local folder.
'$name'must be wrapped single quotes.'$name'is a required literal string and gets interpolated from the instance name.
axiom-scp 'myfleet*':/home/op/myfile/ '~/local/folder/$name'
Copy a remote file from one instance 'myfleet05' to a local file
axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt'
Copy a local file to all instances in myfleet, for example uploading a custom wordlist
axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt
Copy a local folder to all instances in myfleet, for example uploading a folder of custom nuclei templates
axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates
Deploy a profile 🦾
axiom-select '<instance>'
axiom-select 'testy*' # Testy is an example of a fleet
axiom-deploy openvpn # Install openvpn against host or fleet
axiom-deploy covenant # Install covenantAll profiles can be found in
~/.axiom/profiles
Connect to a remote axiom instance Docker (over ssh)
axiom-select <instance>
. axiom-docker # Not a typo, the . means source
docker psConnect to an OpenVPN Server Deployed by Axiom 📶
axiom-vpn <instance>Proxy through a set of hosts (or one) 🔀
axiom-proxy '<fleet>*'
axiom-proxy '<instance>'
axiom-proxy 'testy*'
proxychains4 curl -s ipinfo.ioThis will SSH tunnel all hosts to a range of local ports, 127.0.0.1:5000-50100, then generate a proxychains configuration file to
./proxychains.conf
Create a DNS A record Currently only supported by Digital Ocean
axiom-dns ls # List domains
axiom-dns ls <domain> # List records for domain
axiom-dns add <subdomain> <domain> <ip address>
axiom-dns add cisco navisec.xyz 167.71.89.136 # Example, this will create a record cisco.navisec.xyz pointing to 167.71.89.136 Domain names can be hosted in DigitalOcean (https://cloud.digitalocean.com/networking/domains?)
Initialize a fleet 🚀
axiom-fleet usage
Description:
Spin up fleets of axiom instances in one or multiple regions.
Specify the name of your fleet (fleet prefix) or have axiom choose for you.
Examples:
axiom-fleet # Spin up three instances, let axiom decide on the fleet prefix
axiom-fleet javis -i 10 # Spin up 10 instances with a fleet prefix of javis, this will create 10 instances named javis01 to javis10.
axiom-fleet jerry -i 25 --regions nyc1,lon1,ams3,fra1 # Spin up 25 instances using round robbin region distribution
Usage:
-i/--instances <integer>
The number of instances to spin up
-r/--regions <regions> (optional)
Supply comma-separated regions to cycle through ( default get region from ~/.axiom/axiom.json)
--help (optional)
Display this help menu
axiom-fleet -i 13 # Initialize a fleet, name it randomly
axiom-fleet testy -i 8 # Initialize a fleet named 'testy', instances will be named, testy01, test02 etc
axiom-fleet testy -i 10 --regions nyc1,lon1,ams3,fra1 # Initialize a fleet using round-robin region distribution Scanning using a fleet 🚀
axiom-scan usage
_
____ __ __(_)___ ____ ___ ______________ _____
/ __ `/ |/_/ / __ \/ __ `__ \______/ ___/ ___/ __ `/ __ \
/ /_/ /> </ / /_/ / / / / / /_____(__ ) /__/ /_/ / / / /
\__,_/_/|_/_/\____/_/ /_/ /_/ /____/\___/\__,_/_/ /_/
@pry0cc
& @0xtavian
axiom-scan provides easy distribution of arbitrary binaries and scripts.
axiom-scan splits and uploads user-provided input files (target lists), wordlists and configuration files to every instance.
axiom-scan executes the same command across all instances, which can be found in the module.
axiom-scan downloads and merges scan output in a variety of different ways, specified in the module (folder, merged text file, csv etc).
individual scans are executed in the background, inside a unique tmux session and scan working directory on the remote instances
Usage:
axiom-scan inputfile.txt -m ffuf -w /home/op/wordlist-on-remote-instance
axiom-scan inputfile.txt -m ffuf -wL /home/localuser/local-wordlist-to-upload
axiom-scan inputfile.txt -m ffuf -wD /home/localuser/local-wordlist-to-split-and-upload
axiom-scan inputfile.txt -m nuclei -w /home/op/nuclei-templates -o outputfile.txt
axiom-scan inputfile.txt -m nuclei --nuclei-templates /home/localuser/local-custom-nuclei-template-folder/ -anew outputfile.txt
axiom-scan inputfile.txt -m gowitness --spinup 10 -oD gowitness-screenshots
axiom-scan inputfile.txt -m nmapx -p- -sV -T4 -v --open -oA nampx-scan
Flags:
INPUT:
string[] the first positional argument must always be an input file, this can be a list of URLs, IPs, hostnames, etc
--dont-split do not split input file, upload entire input file to every instance (default is to split the input file)
--dont-shuffle do not randomize input file before uploading (default is to randomize)
MODULE:
-m string[] the axiom-scan module to use with the scan
--list print all available modules
WORDLIST:
-w string[] replace _wordlist_ in module with user-provided wordlist (must be a path to a remote wordlist)
-wL string[] replace _wordlist_ in module with user-provided local wordlist ( must be a path to a local wordlist)
-wD,--distribute-wordlist string[] replace _wordlist_ in module with user-provided local wordlist to split and upload (default does not split the wordlist)
--nuclei-templates string[] replace _wordlist_ in module with user-provided local folder
CONFIGURATIONS:
--config string[] replace _config_ in module with user-provided configuration file (must be a configuration file on the remote instances)
--local-config string[] replace _config_ in module with user-provided local configuration file to upload ( must be a local configuration file)
OUTPUT:
-o string[] output as default (the first ext mentioned in the module)
-oD string[] output as directory (must also be supplied in the module using "ext":"dir" or "ext":"")
-oX string[] output as XML/HTML (supported for nmap and masscan)(must also be supplied in the module using "ext":"xml")
-oG string[] output as greppable, merge and sort unique (must also be supplied in the module using "ext":"oG")
-csv string [] output as csv, extract csv header, merge and sort unique (must also be supplied in the module using "ext":"csv")
-anew string[] pipe the output to anew before creating the final output file
--quiet do not display findings to terminal
--rm-logs delete remote and local logs after scan completes
FLEET:
--fleet string[] supply fleet prefix to use (default uses instances in /root/.axiom/selected.conf)
--spinup int[] number of instances to spin up prior to scanning (default uses instances in /root/.axiom/selected.conf)
--rm-when-done delete the selected instances after the scan completes
--shutdown-when-done shutdown the selected instance after the scan completes
-F string[] path to custom SSH config file (default is located at /root/.axiom/.sshconfig)
--cache do not regenerate SSH config prior to scan, instead use cached config (located at /root/.axiom/.sshconfig)
DEBUG:
--debug run with set -xv, warning: very verbose
EXTRA ARGS:
string[] supply additional arguments to be passed to the module
Modules are in ~/.axiom/modules/
axiom-select 'fleet*' # fleets should be already selected, but just in case, select can be a good idea
# Format
axiom-scan <input> -m <module> -o <text outfile> <any other args>
# Examples
axiom-scan subs.txt -m httpx -o http.txt # httpx module
axiom-scan http.txt -m nuclei -o nuclei.txt # nuclei module, find vulns
axiom-scan http.txt -m gowitness -o screenshots # gowitness, take screenshots
axiom-scan subs.txt -m dnsprobe -o dns.txt # Run dnsprobe
axiom-scan ips.txt -m nmap -oG portscan.txt # nmap
axiom-scan ips.txt -m nmap -oX portscan # Will create both portscan.xml & portscan.html
axiom-scan ips.txt -m nmap -oX full -p- -T5 -sV --script=vulners # Will create full.xml, will pass all args to nmap command
axiom-scan ips.txt -m masscan -oG masscan.txt # Run masscan