Skip to content

Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our seven supported cloud providers.

License

Notifications You must be signed in to change notification settings

a1k-ghaz1/ax-framework-for-extreme-subdomain-recovery-

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Overview

The Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes.

Ax includes a set of Packer Provisioner files to choose from (JSON or HCL), or you can create your own (recommended).

Whichever Packer Provisioner you select, Ax installs your tools of choice into a "base image". Then using that image, you can deploy fleets of fresh instances (cloud hosted compute devices). When building an image using the Default Provisioner, you can connect and immediately access a wide range of tools useful for both Bug Hunting and Penetration Testing.

Various Ax Utility Scripts streamline tasks like spinning up and deleting fleets of instances, parallel command execution and file transfers, instance and image backups, and many other operations.

Ax Framework leverages the power of ephemeral, automated infrastructure to make cloud-based scanning operations fast and efficient. With Ax, you can quickly spin up disposable cloud instances, distribute your scanning workloads, and manage large-scale operations with ease. The framework supports running arbitrary binaries and scripts, determined by the specific Packer Provisioner you select and Module you use.

Once Ax is set up and configured, you can deploy a fleet of 50-100+ instances in just minutes, distribute a highly parallelized scan against a large scope of targets, and deliver rapid, reliable results. This functionality is known as ax scan.

Ax attempts to follow the Unix philosophy by providing building blocks that allow users to easily orchestrate one or many cloud instances. This flexibility enables the creation of continuous scanning pipelines and the execution of general, one-off, highly parallelized workloads.

Currently Digital Ocean, IBM Cloud, Linode, Azure, AWS, Hetzner and GCP are officially supported cloud providers.

Resources

Credits

Digital Ocean is still our best and most supported cloud provider. If you're signing up for a new Digital Ocean account, please use this link for a $200 free credit!

IBM Cloud is still our best supported business provider! If you're signing up for a new IBM Cloud account, please use this link for $200 free credit!

Linode is an absoutely fantastic cloud provider and fully supported! If you're signing up for a new Linode account, please use this link for $100 free credit!

Installation

The machine you install Ax on is called the Ax Controller. The Controller manages all aspects of Ax, including account setup, building your Packer image, spinning up and SSHing into instances, creating new images from existing instances, deleting instances and images, managing distributed scanning, and much more!

During the initial installation, running ax configure will trigger ax account-setup, which in turn calls ax account along with the respective cloud provider's account-helper script. Once this setup is complete, ax build is executed to create your Packer image. After the image is successfully built, you can deploy fleets of servers using ax fleet and distribute scans with ax scan!

Docker

This will create a docker container, initiate the install and setup flow, then drop you out of the docker container. Once the Packer image is successfully created with ax build, you will have to re-exec into your docker container docker exec -it $container_id zsh.

docker exec -it $(docker run -d -it --platform linux/amd64 ubuntu:latest) sh -c "apt update && apt install git -y && git clone https://github.com/attacksurge/ax/ ~/.axiom/ && cd && .axiom/interact/axiom-configure --run"

Easy Install

You should use an OS that supports our easy install.
For Linux systems you will also need to install the newest versions of all packages beforehand sudo apt dist-upgrade.

bash <(curl -s https://raw.githubusercontent.com/attacksurge/ax/master/interact/axiom-configure) --run

If you have any problems with this installer, or if using an unsupported OS please refer to Installation.

Operating Systems Supported

OS Supported Easy Install Tested
Ubuntu Yes Yes Ubuntu 22.04
Kali Yes Yes Kali 2024.2
Debian Yes Yes Debian 12
Windows Yes Yes WSL w/ Ubuntu
MacOS Yes Yes macOS 14
Arch Linux Yes No Yes

Bash: Ax is predominantly written in Bash! This makes it easy to contribute to, and it was chosen because early versions were rapidly prototyped in this language. For a detailed step-by-step walk-though of how ax scan works under the hood, its highly recommended to read the comments in the source code!


About

Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our seven supported cloud providers.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 78.3%
  • HCL 11.9%
  • Python 6.2%
  • XSLT 3.6%