Costs: While Ax is free and open-source, spinning up servers requires a cloud account.
The Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes.
Ax includes a set of Packer Provisioner files to choose from (JSON or HCL), or you can create your own (recommended).
Whichever Packer Provisioner you select, Ax installs your tools of choice into a "base image". Then using that image, you can deploy fleets of fresh instances (cloud hosted compute devices). When building an image using the Default Provisioner, you can connect and immediately access a wide range of tools useful for both Bug Hunting and Penetration Testing.
Various Ax Utility Scripts streamline tasks like spinning up and deleting fleets of instances, parallel command execution and file transfers, instance and image backups, and many other operations.
Ax Framework leverages the power of ephemeral, automated infrastructure to make cloud-based scanning operations fast and efficient. With Ax, you can quickly spin up disposable cloud instances, distribute your scanning workloads, and manage large-scale operations with ease. The framework supports running arbitrary binaries and scripts, determined by the specific Packer Provisioner you select and Module you use.
Once Ax is set up and configured, you can deploy a fleet of 50-100+ instances in just minutes, distribute a highly parallelized scan against a large scope of targets, and deliver rapid, reliable results. This functionality is known as ax scan.
Ax attempts to follow the Unix philosophy by providing building blocks that allow users to easily orchestrate one or many cloud instances. This flexibility enables the creation of continuous scanning pipelines and the execution of general, one-off, highly parallelized workloads.
Currently Digital Ocean, IBM Cloud, Linode, Azure, AWS, Hetzner and GCP are officially supported cloud providers.
Bash: Ax is predominantly written in Bash! This makes it easy to contribute to, and it was chosen because early versions were rapidly prototyped in this language.
Feel free to join us on discord! https://discord.com/invite/c6BHVfn
We've put together some helpful guides so you can quickly familiarize yourself with the different aspects of Ax.
π οΈAx Utility ScriptsπBring Your Own ProvisionerβοΈFleetsπScansπ€Modulesπ€Adding Simple Modulesπ―Adding One-Shot ModulesπMerging and Module ExtensionsβοΈHorizontal vs Vertical Scalingπ€ResponsibilityπTerminologyLast updated