Skip to content

Filesystem Utilities

Octavian edited this page Mar 16, 2022 · 23 revisions

Filesystem Utilities

Filesystem utilities to help you interact with axiom instances!

axiom-configure

Setup and configure the axiom controller and validate cloud account 💻

axiom-configure usage
▄▄▄      ▒██   ██▒ ██▓ ▒█████   ███▄ ▄███▓
▒████▄    ▒▒ █ █ ▒░▓██▒▒██▒  ██▒▓██▒▀█▀ ██▒
▒██  ▀█▄  ░░  █   ░▒██▒▒██░  ██▒▓██    ▓██░
░██▄▄▄▄██  ░ █ █ ▒ ░██░▒██   ██░▒██    ▒██
▓█   ▓██▒▒██▒ ▒██▒░██░░ ████▓▒░▒██▒   ░██▒
▒▒   ▓▒█░▒▒ ░ ░▓ ░░▓  ░ ▒░▒░▒░ ░ ▒░   ░  ░
▒   ▒▒ ░░░   ░▒ ░ ▒ ░  ░ ▒ ▒░ ░  ░      ░
░   ▒    ░    ░   ▒ ░░ ░ ░ ▒  ░      ░
    ░  ░ ░    ░   ░      ░ ░         ░

The Dynamic Infrastructure Framework for Everybody - @pry0cc & @0xtavian

We are lucky enough to be sponsored by the awesome SecurityTrails! 
Sign up for your free account here! https://securitytrails.com/app/account?utm_source=axiom

Description:
Examples:                                                                                                                                                                                                                                  
axiom-configure # kick off axiom configuration wizard
axiom-configure --shell Zsh # Set default shell to Zsh via command line
axiom-configure --config <axiom.json config data> # Use plaintext axiom.json data for account setup TODO: support axiom.json as a file
axiom-configure --shell BASH --unattended --config <axiom.json config data>  # Use bash for default shell, do not promot, use plaintext axiom.json data for account setup
Usage:
--config <axiom.json data>
  Setup account with data supplied from the command line (must be vaild data from axiom.json wrapped in single quotes)
--unattended (optional)
  Avoid any promots, defaults to Oh My Zsh unless --shell argument is also provided
--shell <Bash, Zsh, OMZ (Oh My Zsh)> (optional)
  Choose bash/zsh to add axiom to .bashrc/.zshrc. OMZ installs Oh My Zsh and overwrites .zshrc
--help
  Display this help menu
axiom-configure

You can provide your config inline or after running axiom-configure.

axiom-configure --shell bash --unattended --config { "do_key": "[redacted]", "region": "nyc1", "provider": "do", "default_size": "s-1vcpu-1gb", "appliance_name": "", "appliance_key": "", "appliance_url": "", "email": "", "op": "[redacted]", "imageid": "axiom-default-myimageid", "provisioner": "default", "sshkey": "id_rsa" }

To get your account.json config file in this format run: cat ~/.axiom/accounts/do.json | tr '\n' ' ' | tr -s ' '


axiom-build

Pick a Packer provisioner 🐣

You must run axiom-configure before anything else. This creates your axiom.json file which is required by other commands.

axiom-build default

You can provide your provisioner inline or after running axiom-build.

We currently offer three different base provisioner files, and 2 custom provisioner file to build images.

  • Default is our latest iteration of axiom provisioners. It comes with all tools installed and has been optimized for readability. Recommended for axiom-fleet.
  • ReconFTW provisioner includes all tools in ReconFTW and works with most modules. Recommended for ReconFTW.
  • Barebones is our decently secure base install, comes with Docker, Go-lang, Interlace and nmap installed. Recommended for templating.

Custom Images:

  • Classic provisioner works with most modules and was the first iteration of axiom provisioner files.
  • Light provisioner comes with zsh and a few other minor adjustments over the barebones provisioner.

  • If you want to bring-your-own Packer JSON provisioner, select custom. Make sure your packer json is placed in ~/.axiom/images/provisioners

axiom-images

Manage images/snapshots with axiom-images 💿

axiom-images usage
Examples: axiom-images ls && axiom-images rm axiom-barebones-1634682130 && axiom-images use axiom-default-1634682131
Usage:
ls                                      List snapshots created
get                       Display info about the current image
use | set              Use snapshot for axiom-init/axiom-fleet
rm                                Remove snapshot from account
help | --help | -h                        Print this help menu
axiom-images ls # List available images
axiom-images use <image name> # Replace image used for axiom-init/axiom-fleet with user provided image name 
axiom-images rm <image name> # Delete image by name

axiom-init

Initialize a single instance 🌱

axiom-init usage
Description:
Initialize one axiom instance with differnet options, such as image, region, size and axiom deployment profile
Examples:
axiom-init # provision instance with random name
axiom-init --deploy desktop # provision instance with random name, then deploy axiom profile 'desktop'
axiom-init testy01 # provision instance named testy01
axiom-init stok01 --region nyc3 --image axiom-barebones-1635920849 --size s-1vcpu-2gb --deploy desktop --shell
Usage:
<name> string (optional)
  Name of the instance, supplied as a positional first argument
--image <image name>
  Manually set the image to use (default is imageid in ~/.axiom/axiom.json)
--region <region>
  User specified region to use (default is region in ~/.axiom/axiom.json)
--deploy <profile>
  Deploy a profile after initialization (e.g desktop, openvpn, bbrf, wireguard)
--shell (optional)
  Connect to instance after initialization
--size <vm size>
  VM size to use  (default is size in ~/.axiom/account/account.json)
--no-select (optional)
  Dont select instance after initialization (default is to select instance)
--domain <example.com>
  Manually specify the domain to use (default is specified by cloud provider)
--restore <backup>
  Initialize with a previous backup
--help
  Display this help menu
axiom-init <name> # Init
axiom-init <name> --deploy=<profile> --restore=<box> # Init & deploy & restore 
#Note: profile argument is file name is without .json

the --deploy option allows you to deploy a profile (stored in ~/.axiom/profiles/). --restore will restore a profile. These options can be used together.


axiom-exec

Execute a command against an Instance 🤖

axiom-exec usage
Description:
Evaluate shell one-liners or execute single commands on one or more instances in parallel                                                                                                                       
Expand local and remote environment variables respectively                                                                                                                                                      
Specify the fleet prefix, or let axiom use selected.conf by default (located in ~/.axiom/selected.conf)                                                                                                         
Optionally execute command(s) in a detached tmux session on the remote instances (commands run in the background)                                                                                               
Temporarily prevent axiom's SSH key regeneration and instead connect with a cached SSH config (default is ~/.axiom/.sshconfig)                                                                                  
Examples:                                                                                                                                                                                                         
axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)
Usage:
<commands> required string
  Command(s) to run on the remote axiom instances, multiple commands can be wrapped in single or double quotes, but not required
-f/--fleet <fleet prefix>
  Fleet prefix to execute on (default is ~/.axiom/selected.conf). Automatic wildcard support
-i/--instance <instance name>
  Single instance to execute on
--tmux <optional tmux session name>
  Execute commands in a detacted tmux session (commands run in the background). The default tmux session name is axiom-exec+$TIMESTAMP, or supply a custom tmux session name
--sshconfig <sshconfig_file> (optional string)
  Path to axiom's SSH config (default is ~/.axiom/.sshconfig)
-q/--quiet
  Disable progress bar, and reduce verbosity
--debug
  Enable debug mode (VERY VERBOSE!)
--cache
  Temporarily do not generate SSH config and instead connect with cached SSH config
--logs
  Do not delete logs (logs will be stored in ~/.axiom/logs/exec/axiom-exec$TIMESTAMP)
--help
  Display this help menu

  axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
  axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
  axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
  axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
  axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)

axiom-ssh

Connect to an instance - axiom-ssh or axiom-connect 🔗

axiom-ssh usage
Description:
axiom-ssh dynamically generates axiom's SSH config based on your cloud inventory.
axiom-ssh allows you to connect to your axiom instances over their public or private network interface.
axiom-ssh can drop you right into a freshly created tmux session on the remote instance, and can be used to
attach to a preexisting tmux session.
All additional SSH args are passed to SSH.
Examples:
axiom-ssh testy01 # SSH into instance testy01
axiom-ssh testy01 --tmux mysession1 # SSH into instance testy01 and spawn or attach to session named mysession1
axiom-ssh --just-generate # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with public Ip details
axiom-ssh --just-generate private # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with private Ip details
axiom-ssh --just-generate cache # Never regenerate axiom's ssh config
axiom-ssh testy01 -L 8080:127.0.0.1:8080 -D 4040  # Port-forward 8080 to local port 8080 and dynamically port foward port 4040 to testy01
Usage:
<instance name> required string
  Instance name supplied as a positional first argument
--mosh/-m <instance name> (optional)
  Connect with mosh
--just_generate <public, private, cache> (optional)
  Specify when to generate the SSH config file and what IPs to use. Options are public, private, cache ( default is public )
--tmux <tmux session name to create>
  Connect to your instance and start new tmux session. If you dont include a session name one will be chosen automatically for you
--tmux-attach/-t <tmux session> (optional)
  Connect to your instance and attach to tmux session by name
--cache (optional)
  Temporarily do not generate SSH config and instead connect with cached SSH config
--help (optional)
  Display this help menu
<additional args>
  All additional SSH args are passed to SSH. If you want additional arguments supplied to your command, simply append them to the command
  example: axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040
axiom-connect #automatically connects to list initialized instance
axiom-connect <name>
axiom-ssh <name> <ssh args>
axiom-ssh <name> --tmux
axiom-ssh <name> -m -t=<tmux session> # Connect with mosh and attach to tmux session
axiom-ssh <name> -m -t=main-15
axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040 # All additional SSH args are passed to SSH
axiom-ssh <name> --cache # Don't generate ssh config, just connect with cache
axiom-ssh --just-generate # Will populate the SSH config at ~/.axiom/.sshconfig with public IPs instances on the account
axiom-ssh --just-generate private # Will populate the SSH config at ~/.axiom/.sshconfig with private IPs instances on the account
axiom-ssh --just-generate cache # Will permanently avoid regenerating the SSH configs. To revert run: axiom-ssh --just-generate public or just axiom-ssh --just-generate

axiom-backup

Backup an initialized instance to the cloud 🧳 axiom-backup

> After running axiom-init you can set up config files, unique wordlists, private tools etc, take a snapshot of that image and use it to deploy future axiom instances/fleets. 

---
# axiom-sync
**Backup the home directory of an initialized instance to the local filesystem** :arrows_counterclockwise:

```bash
axiom-sync instance01

This allows you to download a copy of everything in an axiom instance to the local filesystem


axiom-power

Power on, off and reboot instances and fleets with axiom-power. 🔌

axiom-power usage
Usage: axiom-power on 'rez\*'  #turns on instances starting with 'rez'
axiom-power off '\*'    #turns off all instances
Examples:
on                             Power on instance by instance name
off                           Power off instance by instance name 
reboot                           Reboot instance by instance name
help | --help | -h                           Print this help menu
axiom-power on 'rez\*' # Power on all instances in fleet named rez
axiom-power off 'rez\*' # Power off rez fleet
axiom-power reboot 'rez\*' # Reboot rez fleet

axiom-rm

Remove one or more axiom instances

axiom-rm <name> # Delete box by specifying the name
axiom-rm <name> -f # Forcibly delete box by specifying the
axiom-rm <name>\* # Delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm <name>\* -f # Forcibly delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm '\*' # Delete all instances on the account. Must be wrapped in single quote and escape the asterisk. 
axiom-rm '\*' -f # Forcibly delete all instances on the account. Must be wrapped in single quote and escape the asterisk. 


axiom-boxes

List all box backups 🧠

axiom-boxes ls # List boxes
axiom-boxes ls --archive # List archived boxes
axiom-boxes new <box> # Create a blank box backup
axiom-boxes rm <box> # Delete a box backup 
axiom-boxes archive <box>  # Archive a box (tarball & gpg -e)
axiom-boxes unarchive <box> # Unarchive (from ~/.axiom/archives/), gpg decrypts
axiom-boxes get pry0cc/lazy # Get a box from  github, username/repo

Using the archive option will convert the box to a tarball and encrypt using the email specified in your account ~/.axiom/accounts/*.json


axiom-region

Switch to a new region 🧭

axiom-region ls # lists regions
axiom-region select <region> # select region

axiom-region select ams2

axiom-account

Manage user accounts 📛

axiom-account-setup # Setup a new account
axiom-account # No args, list available accounts
axiom-account <account> # Select/Switch to the specified account

axiom-scp

Copy files to and from hosts ⤴️

axiom-scp usage
--cache (optional)
  Do not regenerate SSH config
-F (string)
  Path of custom SSH config file to use
Example Usage: axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt' --cache
  Copy a remote file from all instances in myfleet to local folder. Do no generate SSH config
  $name must be wrapped single quotes. $name is a required literal string and gets interpolated from the instance name.
Example Usage: axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt' 
  Copy a remote file from one instance 'myfleet05' to a local file
Example Usage: axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt 
  Copy a local file to all instances in myfleet
Example Usage: axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates 
  Copy a local folder to all instances in myfleet

Copy a remote file from all instances in myfleet to local file. '$name' must be wrapped single quotes. '$name' is a required literal string and gets interpolated from the instance name.

axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt'

Copy a remote folder from all instances in myfleet to local folder. '$name' must be wrapped single quotes. '$name' is a required literal string and gets interpolated from the instance name.

axiom-scp 'myfleet*':/home/op/myfile/ '~/local/folder/$name'

Copy a remote file from one instance 'myfleet05' to a local file

axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt'

Copy a local file to all instances in myfleet, for example uploading a custom wordlist

axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt

Copy a local folder to all instances in myfleet, for example uploading a folder of custom nuclei templates

axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates 

axiom-select

Deploy a profile 🦾

axiom-select '<instance>'
axiom-select 'testy*'  # Testy is an example of a fleet
axiom-deploy openvpn # Install openvpn against host or fleet
axiom-deploy covenant # Install covenant

All profiles can be found in ~/.axiom/profiles

Connect to a remote axiom instance Docker (over ssh)

axiom-select <instance>
. axiom-docker # Not a typo, the . means source
docker ps

axiom-vpn

Connect to an OpenVPN Server Deployed by Axiom 📶

axiom-vpn <instance>

axiom-proxy

Proxy through a set of hosts (or one) 🔀

axiom-proxy '<fleet>*'
axiom-proxy '<instance>'
axiom-proxy 'testy*'
proxychains4 curl -s ipinfo.io

This will SSH tunnel all hosts to a range of local ports, 127.0.0.1:5000-50100, then generate a proxychains configuration file to ./proxychains.conf


axiom-dns

Create a DNS A record Currently only supported by Digital Ocean

axiom-dns ls # List domains
axiom-dns ls <domain> # List records for domain
axiom-dns add <subdomain> <domain> <ip address>
axiom-dns add cisco navisec.xyz 167.71.89.136 # Example, this will create a record cisco.navisec.xyz pointing to 167.71.89.136 

Domain names can be hosted in DigitalOcean (https://cloud.digitalocean.com/networking/domains?)


axiom-fleet

Initialize a fleet 🚀

axiom-fleet usage
Description:
Spin up fleets of axiom instances in one or multiple regions.
Specify the name of your fleet (fleet prefix) or have axiom choose for you.
Examples:
axiom-fleet # Spin up three instances, let axiom decide on the fleet prefix
axiom-fleet javis -i 10 # Spin up 10 instances with a fleet prefix of javis, this will create 10 instances named javis01 to javis10.
axiom-fleet jerry -i 25 --regions nyc1,lon1,ams3,fra1 # Spin up 25 instances using round robbin region distribution
Usage:
-i/--instances <integer>
  The number of instances to spin up
-r/--regions <regions> (optional)
  Supply comma-separated regions to cycle through ( default get region from ~/.axiom/axiom.json)
--help (optional)
  Display this help menu
axiom-fleet -i 13 # Initialize a fleet, name it randomly
axiom-fleet testy -i 8 # Initialize a fleet named 'testy', instances will be named, testy01, test02 etc
axiom-fleet testy -i 10 --regions nyc1,lon1,ams3,fra1 # Initialize a fleet using round-robin region distribution  

axiom-scan

Scanning using a fleet 🚀

axiom-scan usage
            _
____ __  __(_)___  ____ ___        ______________ _____                                                                                                                                                                                   
/ __ `/ |/_/ / __ \/ __ `__ \______/ ___/ ___/ __ `/ __ \                                                                                                                                                                                  
/ /_/ />  </ / /_/ / / / / / /_____(__  ) /__/ /_/ / / / /                                                                                                                                                                                  
\__,_/_/|_/_/\____/_/ /_/ /_/     /____/\___/\__,_/_/ /_/                                                                                                                                                                                   
                                                                                                                                                                                                                                          
                                  @pry0cc                                                                                                                                                                                                 
                               & @0xtavian                                                                                                                                                                                                
                                                                                                                                                                                                                                          
axiom-scan provides easy distribution of arbitrary binaries and scripts.
axiom-scan splits and uploads user-provided input files (target lists), wordlists and configuration files to every instance.
axiom-scan executes the same command across all instances, which can be found in the module.
axiom-scan downloads and merges scan output in a variety of different ways, specified in the module (folder, merged text file, csv etc).
individual scans are executed in the background, inside a unique tmux session and scan working directory on the remote instances

Usage:
 axiom-scan inputfile.txt -m ffuf -w /home/op/wordlist-on-remote-instance
 axiom-scan inputfile.txt -m ffuf -wL /home/localuser/local-wordlist-to-upload
 axiom-scan inputfile.txt -m ffuf -wD /home/localuser/local-wordlist-to-split-and-upload
 axiom-scan inputfile.txt -m nuclei -w /home/op/nuclei-templates -o outputfile.txt
 axiom-scan inputfile.txt -m nuclei --nuclei-templates /home/localuser/local-custom-nuclei-template-folder/ -anew outputfile.txt
 axiom-scan inputfile.txt -m gowitness --spinup 10 -oD gowitness-screenshots
 axiom-scan inputfile.txt -m nmapx -p- -sV -T4 -v --open -oA nampx-scan

Flags:
INPUT:
 string[]              the first positional argument must always be an input file, this can be a list of URLs, IPs, hostnames, etc
 --dont-split          do not split input file, upload entire input file to every instance (default is to split the input file)
 --dont-shuffle        do not randomize input file before uploading (default is to randomize)

MODULE:
 -m string[]           the axiom-scan module to use with the scan
 --list                print all available modules

WORDLIST:
 -w string[]                           replace _wordlist_ in module with user-provided wordlist (must be a path to a remote wordlist)
 -wL string[]                          replace _wordlist_ in module with user-provided local wordlist ( must be a path to a local wordlist)
 -wD,--distribute-wordlist string[]    replace _wordlist_ in module with user-provided local wordlist to split and upload (default does not split the wordlist)
 --nuclei-templates string[]           replace _wordlist_ in module with user-provided local folder

CONFIGURATIONS:
 --config string[]           replace _config_ in module with user-provided configuration file (must be a configuration file on the remote instances)
 --local-config string[]     replace _config_ in module with user-provided local configuration file to upload ( must be a local configuration file)

OUTPUT:

 -o string[]          output as default (the first ext mentioned in the module) 
 -oD string[]         output as directory (must also be supplied in the module using "ext":"dir" or "ext":"")
 -oX string[]         output as XML/HTML (supported for nmap and masscan)(must also be supplied in the module using "ext":"xml")
 -oG string[]         output as greppable, merge and sort unique (must also be supplied in the module using "ext":"oG")
 -csv string []       output as csv, extract csv header, merge and sort unique (must also be supplied in the module using "ext":"csv")
 -anew string[]       pipe the output to anew before creating the final output file
 --quiet              do not display findings to terminal
 --rm-logs            delete remote and local logs after scan completes

FLEET:
 --fleet string[]            supply fleet prefix to use (default uses instances in /root/.axiom/selected.conf)
 --spinup int[]              number of instances to spin up prior to scanning (default uses instances in /root/.axiom/selected.conf)
 --rm-when-done              delete the selected instances after the scan completes
 --shutdown-when-done        shutdown the selected instance after the scan completes
 -F string[]                 path to custom SSH config file (default is located at /root/.axiom/.sshconfig)
 --cache                     do not regenerate SSH config prior to scan, instead use cached config (located at /root/.axiom/.sshconfig)

DEBUG:
 --debug              run with set -xv, warning: very verbose

EXTRA ARGS:
 string[]             supply additional arguments to be passed to the module

Modules are in ~/.axiom/modules/

axiom-select 'fleet*' # fleets should be already selected, but just in case, select can be a good idea

# Format
axiom-scan <input> -m <module> -o <text outfile> <any other args>

# Examples
axiom-scan subs.txt -m httpx -o http.txt # httpx module
axiom-scan http.txt -m nuclei -o nuclei.txt # nuclei module, find vulns
axiom-scan http.txt -m gowitness -o screenshots # gowitness, take screenshots
axiom-scan subs.txt -m dnsprobe -o dns.txt # Run dnsprobe

axiom-scan ips.txt -m nmap -oG portscan.txt # nmap
axiom-scan ips.txt -m nmap -oX portscan # Will create both portscan.xml & portscan.html
axiom-scan ips.txt -m nmap -oX full -p- -T5 -sV --script=vulners # Will create full.xml, will pass all args to nmap command

axiom-scan ips.txt -m masscan -oG masscan.txt # Run masscan
Clone this wiki locally