Ax Utility Scripts

Utility scripts to help you interact with axiom instances!

ax

A wrapper for various axiom scripts in ~/.axiom/interact

Description:
  Welcome to the Ax Framework! You can use this wrapper to execute the various axiom scripts (located in ~/.axiom/interact/)
  To supply additional arguments to a script, simply append them to the command
  For more options, print the help menu for any script (ax init, ax fleet, ax scan, ax images, etc)
  Or you could just run the scripts without the wrapper (axiom-exec for example)
Examples:
  ax configure --setup --shell zsh --unattended  # Kick off axiom configuration wizard, add axiom to zsh path, avoid any prompts
  ax account-setup  # Kick off axiom account setup wizard
  ax account linode  # Switch to linode account (must be a valid axiom.json in ~/.axiom/accounts)
  ax build default # Build the Packer image with the Default provisioner located in ~/.axiom/images/provisioners/default.json
  
  ax init --run # Create axiom instance with random instane name
  ax fleet -i 10 -r nyc1,nyc3,fra1,sfo2 # Spin up 10 instances with random fleet prefix using Round-robin region distribution
  ax ls # List all instances on the account
  ax ssh testy01 # SSH into instance testy01
  ax select testy\* # Select all instances in testy fleet (this updates ~/.axiom/selected.conf)
  ax scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt --split # Split and upload local wordlist to all instances in myfleet
  ax scan input.txt -m nuclei --nuclei-templates /home/localuser/custom-templates/ -o outputfile.txt # Run a distributed scan, upload custom nuclei templates
  ax rm testy\* # Delete all instances in testy fleet
  ax rm '\*' # Delete all instances on the account
  
  ax images ls  # List all images on the account
  ax images create # Create a new image/snapshot of a running axiom instance
  ax images select axiom-testy01-1710180715 # Select image named axiom-testy01-1710180715 to use for future ax init and ax fleet
  
  ax sizes ls  # List all available sizes (cpu and ram) to use for instances
  ax sizes select s-4vcpu-8gb # Select new default instance size to use for future axiom-init/axiom-fleet
  
  ax power on rez\* # Power on all instances in fleet 'rez'
  ax region ls  # List available regions
  ax region select nyc1 # Select region 'nyc1' (this updates ~/axiom.json with the new region)
Usage:
  account
   Select Axiom account (axiom-account)
  account-setup
   Start Axiom account setup wizard (axiom-account-setup)
  build
   Start Axiom build wizard (axiom-build)
  configure
   Display commands to manage the configuration of axiom (axiom-configure), install dependencies, kick off axiom-account-setup and axiom-build 
  deploy
   Deploy a profile stored in ~/.axiom/profiles/ (axiom-deploy)
  exec
   Evaluate shell one-liners or execute single commands on one or more instances in parallel (axiom-exec)
  fleet
   Display commands to manage fleets (axiom-fleet)
  images
   Create a new snapshot of a running axiom instance, select the new snapshot to deploy future axiom instances/fleets, get and delete images (axiom-images)
  init
   Display commands to manage initializing one axiom instance with differnet options, such as image, region, size and axiom deployment profiles (axiom-init)
  ls
   List all instances on the account (axiom-ls)
  power
   Display commands to manage powering on or off instances by name (axiom-power)
  region
   Display commands to list regions or select a region (axiom-region)
  rm
   Remove instances from the account (axiom-rm)
  scan 
   Display commands to manange the distribution of arbitrary binaries and scripts across fleets of Axiom instances (axiom-scan)
  scp
   Display commands used to upload and download files from fleets (axiom-scp)
  select
   Select instances to use for exec and fleet (axiom-select)
  sizes
   Manage the default instance size used by axiom-init or axiom-fleet (axiom-sizes)
  ssh
   Display commands to manage Axiom's ssh config file or connect to a specific Axiom instance (axiom-ssh)
  sync
   Make a copy of an instances home directoy and sync to your local filesystem (axiom-sync)
  update
   Run 'cd ~/.axiom && git pull' to update to the latest version! (axiom-update)
  <additional args>
   To pass additional arguments to the script, simply append them to the command!

ax configure

Description:
Examples:
  axiom-configure --setup # kick off Ax configuration wizard
  axiom-configure --shell zsh # Set default shell to zsh via command line
  axiom-configure --config <personal.json file> # Use personal.json from a file for account setup
  axiom-configure --config <personal.json string> # Use personal.json data supplied by command-line for account setup (must be vaild personal.json data wrapped in single quotes)
  axiom-configure --shell bash --unattended --config <path to personal.json file>  # Use bash for default shell, do not promot, use personal.json data from file for axiom setup
Usage:
  --setup (optional)
    Start axiom-configure wizard, install dependencies, kick off axiom-account-setup and axiom-build
  --config <axiom.json data>
    Setup account with data from file or supplied from the command line (must be vaild data from a personal.json axiom file)
  --unattended (optional)
    Avoid any promots, defaults to Oh My Zsh unless --shell argument is also provided
  --shell <bash, zsh, omz (Oh My Zsh)> (optional)
    Add axiom to path, backup .zshrc/.bashrc to .zshrcbak/.bashrcbak
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help
    Display this help menu

ax configure --setup

You can provide your config file before or after running axiom-configure.

axiom-configure --setup --shell bash --unattended --config ~/.axiom/accounts/do.json

ax build

You must run axiom-configure before anything else. This creates your axiom.json file which is required by other commands.

Description:
  axiom-build supports both legacy Packer JSON files as well as the new HCL format
  axiom-build combines a cloud provider's Builder (~/.axiom/images/$format/builders) with a Provisioner (~/.axiom/images/$format/provisioners)
  to generate the final Packer file (~/.axiom/images/$format/axiom.$format)
  Using Packer, axiom-build creates an image with the tools pre-installed, as defined by the chosen Provisioner
  choose between multiple Provisioners (barebones, default, reconftw, and extras) or bring your own (custom)

  axiom-build adds your SSH key to the image, allowing you to connect to instances created using the image
  by default, it creates and uses an SSH key located at ~/.ssh/axiom_ssh.pub, but you can specify a custom SSH key if needed
Examples:
  axiom-build --run # Kick off the interactive build wizard
  axiom-build default # Build a new Packer image using the Default Provisioner
  axiom-build barebones --debug # Build a new Packer image using the Barebones Provisioner, run with --debug
  axiom-build --ssh-key ~/.ssh/id_rsa.pub # Set a custom SSH key (default is SSH key in ~/.ssh/axiom_ssh.pub)
Usage:
  <provisioner> (optional)
    Name of provisioner to build, options are barebones, default, reconftw, extras or custom (provisioner must be located in ~/.axiom/images/$format/provisioners)
  --run (optional)
    Start axiom-build setup wizard
  --legacy (optional)
    Use legacy Packer JSON Builder and Provisioner instead of pkr.hcl
  --ssh-key <file to pub key> (optional)
    Build the image using a custom SSH key (instead of using the default ssh key axiom creates ~/.ssh/axiom_ssh.pub)
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

axiom-build default

You can provide your provisioner inline or after running axiom-build.

We currently offer four different base provisioner files, and 2 custom provisioner file to build images.

ax images

Description:
  Manage images created by 'axiom-build' or 'axiom-images' with 'axiom-images'!
  After creating an image, list all images on the account 'axiom-images ls'
  Delete images on the account that are no longer needed 'axiom-images rm $image_name'
  Create a new image/snapshot from a deployed instance with 'axiom-images create' (list all deployed instances with 'axiom-ls')
  After the new image is created, or to switch to a different image on the account, select it with 'axiom-images select $image_name' to use for 'axiom-init/axiom-fleet'!
Examples:
  axiom-images ls # List all images on the account
  axiom-images get # Print details from ~/.axiom/axiom.sjon
  axiom-images rm axiom-default-1709878237 # Delete image named axiom-default-1709878237 from the account
  axiom-images create # Start 'axiom-images' image creation wizard
  axiom-images create testy01 # Skip image creation wizard and instead create image from testy01 instance
  axiom-images select axiom-barebones-1709944106 # Select image named axiom-barebones-1709944106 to use with future 'axiom-init/axiom-fleet'
Usage:
  ls (optional)
    List all images on the account 'axiom-images ls'
  get (optional)
    Print information about current account, equivalent to (cat ~/.axiom/axiom.json) 'axiom-images get'
  rm <required image name>
    Specify an image by name to delete (must be an image name from 'axiom-images ls')
  create <optional instance name>
    Kick off axiom-images creation wizard or specify an instance to create an image from 'axiom-images create $instance_name'
  select <required image name>
    Select a new image to use for future 'axiom-init/axiom-fleet', replaces 'imageid' in ~/.axiom/axiom.json with new 'imageid' (must be an image name from 'axiom-images ls')
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

axiom-images ls # List available images
axiom-images use <image name> # Replace image used for axiom-init/axiom-fleet with user provided image name 
axiom-images rm <image name> # Delete image by name
ax image create # kick off image creation wizard. Make a snapshot of a running ax instance to use for future ax init/ax fleet

ax init

Description:
  Initialize one axiom instance with differnet options, such as image, region, size and axiom deployment profiles
Examples:
  axiom-init --run # provision instance with random name
  axiom-init --deploy desktop # provision instance with random name, then deploy axiom profile 'desktop'
  axiom-init testy01 # provision instance named testy01
  axiom-init stok01 --region nyc3 --image axiom-default-1635920849 --size s-1vcpu-2gb --deploy desktop --shell
Usage:
  <name> string (optional)
    Name of the instance, supplied as a positional first argument
  --run (optional)
    Create one instance with random name
  --image <image name>
    Manually set the image to use (default is imageid in ~/.axiom/axiom.json)
  --region <region>
    User specified region to use (default is region in ~/.axiom/axiom.json)
  --deploy <profile>
    Deploy a profile after initialization (e.g desktop, openvpn, bbrf, wireguard)
  --shell (optional)
    Connect to instance after initialization
  --size <vm size>
    VM size to use (default is size in ~/.axiom/axiom.json)
  --no-select (optional)
    Dont select instance after initialization (default is to select instance)
  --debug (optional)
    Run with set -xv, warning: very verbose
  --help
    Display this help menu

ax init <name> # Init
ax init --run # Init with random instance name
ax init <name> --deploy=<profile># Init and install deployment profile

the --deploy option allows you to install a deployment profile (stored in ~/.axiom/profiles/)

ax exec

Description:
  Evaluate shell one-liners or execute single commands on one or more instances in parallel
  Specify the fleet prefix, or let axiom use selected.conf by default (located in ~/.axiom/selected.conf)
  Execute command(s) from a detached tmux session on the remote instances
  Temporarily prevent axiom's SSH key regeneration and instead connect with a cached SSH config (default is ~/.axiom/.sshconfig)
Examples:
  axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
  axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet, automatically select all instances in fleet testy
  axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
  axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)
Usage:
  <commands> required string
    Command(s) to run on the remote axiom instances, multiple commands can be wrapped in single or double quotes, but not required
  -f/--fleet/--file <fleet prefix or list of instances from a file>
    Fleet prefix to execute on (default is ~/.axiom/selected.conf). Automatic wildcard support. Alternatively, can be a list of instances from a file (-f/--fleet/--file myinstances.txt)
  -i/--instance <instance name>
    Single instance to execute on
  --sshconfig <sshconfig_file> (optional string)
    Path to axiom's SSH config (default is ~/.axiom/.sshconfig)
  -q/--quiet (optional)
    Disable progress bar, and reduce verbosity
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --cache (optional)
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --logs (optional)
    Do not delete logs (logs will be stored in ~/.axiom/logs/exec/axiom-exec$TIMESTAMP)
  --quick (optional)
    A faster but less reliable execution
  --skip-preflight (optional)
    Do not automatically remove instances that cant be reached (default removes instances from the queue that cant be reached)
  --preflight-timeout <int>
    Specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default 5 seconds
  --help
    Display this help menu

  axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
  axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
  axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
  axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
  axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)

ax ssh

Description:
  axiom-ssh dynamically generates axiom's SSH config based on your cloud inventory.
  axiom-ssh allows you to connect to your axiom instances over their public or private network interface.
  axiom-ssh can drop you right into a freshly created tmux session on the remote instance, and can be used to
  attach to a preexisting tmux session.
  All additional SSH args (such as port-forwards) are passed to SSH binary.
Examples:
  axiom-ssh testy01 # SSH into instance testy01
  axiom-ssh testy01 --tmux mysession1 # SSH into instance testy01 and spawn or attach to tmux session named mysession1
  axiom-ssh --just-generate # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with public Ip details
  axiom-ssh --just-generate private # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with private Ip details
  axiom-ssh --just-generate cache # Permanently lock/cache axiom's ssh config so it never regenerates (to revert run axiom-ssh --just-generate)
  axiom-ssh testy01 -L 8080:127.0.0.1:8080 -D 4040  # Port-forward 8080 to local port 8080 and dynamically port foward port 4040 to testy01
Usage:
  <instance name> required string
    Instance name supplied as a positional first argument
  --mosh/-m <instance name> (optional)
    Connect with mosh
  --just-generate <public, private, cache/lock> (optional)
    Specify when to generate the SSH config file and what IPs to use. Options are public, private, cache/lock ( default is public )
  --tmux <tmux session name to create/attach to> (optional)
    Connect to your instance and start new tmux session or connect to one (default session name is 'main')
  --tmux-attach/-t <tmux session> (optional)
    Only attach to tmux session if session name exists. If tmux session doesnt already exist, this will error
  --cache (optional)
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu
  <additional args>
    All additional SSH args are passed to SSH. If you want additional arguments supplied to your command, simply append them to the command!
    example: axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040

axiom-ssh <name> #connects to list initialized instance
axiom-ssh <name> <ssh args>
axiom-ssh <name> --tmux
axiom-ssh <name> -m -t=main-15
axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040 # All additional SSH args are passed to SSH
axiom-ssh <name> --cache # Don't generate ssh config, just connect with cache
axiom-ssh --just-generate # Will populate the SSH config at ~/.axiom/.sshconfig with public IPs instances on the account
axiom-ssh --just-generate private # Will populate the SSH config at ~/.axiom/.sshconfig with private IPs instances on the account
axiom-ssh --just-generate cache # Will permanently avoid regenerating the SSH configs. To revert run: axiom-ssh --just-generate public or just axiom-ssh --just-generate

ax sizes

Description:
  Manage the default instance size used by 'axiom-init' or 'axiom-fleet' with 'axiom-sizes'!
  List all sizes the cloud provider has with 'axiom-sizes ls' and select a new one with 'axiom-sizes select $new_size' 
  All this does is replaces the .default_size in ~/.axiom/axiom.json with a new size
Examples:
  axiom-sizes ls # List all sizes the cloud provider offers
  axiom-sizes select Standard_F2 # Set a new default instance size to use with future 'axiom-init/axiom-fleet'
  axiom-sizes select 2,8192 # For ibm cloud, supply comma separated ram,cpu or cpu,ram values
  axiom-sizes default # Restore instance size to the default
Usage:
  ls (optional)
    List all available instance sizes 'axiom-images ls'
  get (optional)
    Print information about currently used instance size, equivalent to (cat ~/.axiom/axiom.json) 'axiom-sizes get'
  select <required insntance size name>
    Select a new instance size to use for future 'axiom-init/axiom-fleet', replaces 'default_size' in ~/.axiom/axiom.json with new 'default_size' (must be valid instance size from 'ax sizes ls')
  default (optional)
    Restore the default instance size 'axiom-sizes default'
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

ax sync

Usage of axiom-sync
Description: Make a copy of an instances home directoy and sync to your local filesystem.
Example Usage: axiom-sync instance01 instance02
  <instance> string
    Instance name you wish to backup
  --help (optional)
    Displays this menu

axiom-sync <name> # Backup the home directory of an initialized instance to the local filesystem

This allows you to download a copy of everything in an axiom instance to the local filesystem

ax power

Usage: axiom-power on 'rez\*'  #turns on instances starting with 'rez'
axiom-power off '\*'    #turns off all instances
Examples:
on                             Power on instance by instance name
off                           Power off instance by instance name 
reboot                           Reboot instance by instance name
help | --help | -h                           Print this help menu

axiom-power on 'rez\*' # Power on all instances in fleet named rez
axiom-power off 'rez\*' # Power off rez fleet
axiom-power reboot 'rez\*' # Reboot rez fleet

ax ls

List all instances on the account

ax ls

ax rm

axiom-rm <name> # Delete box by specifying the name
axiom-rm <name> -f # Forcibly delete box by specifying the
axiom-rm <name>\* # Delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm <name>\* -f # Forcibly delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm '\*' # Delete all instances on the account. Must be wrapped in single quote and escape the asterisk. 
axiom-rm '\*' -f # Forcibly delete all instances on the account. Must be wrapped in single quote and escape the asterisk.

ax region

axiom-region ls # lists regions
axiom-region select <region> # select region
axiom-region select ams2

ax account-setup

Choose your cloud provider and setup your ax profile (~./axiom/accounts/$profile.json)

ax account-setup

ax account

axiom-account-setup # Setup a new account
axiom-account # No args, list available accounts
axiom-account <account> # Select/Switch to the specified account

ax account # list all account profiles
ax account do # switch to profile DO. Profile must be valid ax json in ~/.axiom/accounts/$profile.json

ax scp

Description:
  axiom-scp supports downloading and uploading files or folders to fleets of axiom instance or single instances
  axiom-scp optionally allows splitting a local file across a fleet of instances
  axiom-scp supports globbing to expand the instance names from a fleet prefix
  when the literal string '$name' is in the command, axiom-scp automatically interpolates the instances name
Examples:
  axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates  # Upload a local folder to all instances in myfleet
  axiom-scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt # Upload local file to all instances in myfleet
  axiom-scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt --split # Split and upload local wordlist to all instances in myfleet
  axiom-scp testy01:/home/op/download-file.txt download-file.txt # Download file from a single instance named testy01
  axiom-scp 'testy*':/home/op/results.txt '~/home/localuser/folder/$name.txt' # Download file from all instances in testy fleet,
  when using '$name', it must be wrapped in single quotes and gets interpolated from the instance name
Usage:
  --split (optional)
    Split the local file depending on the size of the fleet, equally distribute the file across the fleet
  --sshconfig <path to custom ssh config> (optional)
    Path of custom SSH config file to use (default uses sshconfig in ~/.axiom/.sshconfig)
  --cache (optional)
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

Copy a remote file from all instances in myfleet to local file. '$name' must be wrapped single quotes. '$name' is a required literal string and gets interpolated from the instance name.

axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt'

Copy a remote folder from all instances in myfleet to local folder. '$name' must be wrapped single quotes. '$name' is a required literal string and gets interpolated from the instance name.

axiom-scp 'myfleet*':/home/op/myfile/ '~/local/folder/$name'

Copy a remote file from one instance 'myfleet05' to a local file

axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt'

Copy a local file to all instances in myfleet, for example uploading a custom wordlist

axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt

Copy a local folder to all instances in myfleet, for example uploading a folder of custom nuclei templates

axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates

Split and upload local wordlist to all instances in myfleet

   axiom-scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt --split

ax select

Select what instances to use for exec, scp and fleet

axiom-select '<instance>'
axiom-select 'testy\*'  # Testy is an example of a fleet

ax deploy

Usage of axiom-deploy
Example Usage: axiom-deploy openvpn jerry01
  <profile> <instance>
    Name of the instance, supplied as a positional first argument
  --cache
    Use SSH cache (works if recently interacted with)
  --remove
    Uninstall the profile
  --list
    List profiles
  --help
    Display this help menu

axiom-deploy desktop <instance name> # Install desktop on initialized instance  
axiom-deploy covenant <instance name> # Install covenant on initialized instance  
ax deploy --list # list all available deployment profiles

All profiles can be found in ~/.axiom/profiles

PreviousTeardown Instances NextBring Your Own Provisioner

Last updated 7 months ago

Ax Utility Scripts

Utility scripts to help you interact with axiom instances!

ax

A wrapper for various axiom scripts in ~/.axiom/interact

Description:
  Welcome to the Ax Framework! You can use this wrapper to execute the various axiom scripts (located in ~/.axiom/interact/)
  To supply additional arguments to a script, simply append them to the command
  For more options, print the help menu for any script (ax init, ax fleet, ax scan, ax images, etc)
  Or you could just run the scripts without the wrapper (axiom-exec for example)
Examples:
  ax configure --setup --shell zsh --unattended  # Kick off axiom configuration wizard, add axiom to zsh path, avoid any prompts
  ax account-setup  # Kick off axiom account setup wizard
  ax account linode  # Switch to linode account (must be a valid axiom.json in ~/.axiom/accounts)
  ax build default # Build the Packer image with the Default provisioner located in ~/.axiom/images/provisioners/default.json
  
  ax init --run # Create axiom instance with random instane name
  ax fleet -i 10 -r nyc1,nyc3,fra1,sfo2 # Spin up 10 instances with random fleet prefix using Round-robin region distribution
  ax ls # List all instances on the account
  ax ssh testy01 # SSH into instance testy01
  ax select testy\* # Select all instances in testy fleet (this updates ~/.axiom/selected.conf)
  ax scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt --split # Split and upload local wordlist to all instances in myfleet
  ax scan input.txt -m nuclei --nuclei-templates /home/localuser/custom-templates/ -o outputfile.txt # Run a distributed scan, upload custom nuclei templates
  ax rm testy\* # Delete all instances in testy fleet
  ax rm '\*' # Delete all instances on the account
  
  ax images ls  # List all images on the account
  ax images create # Create a new image/snapshot of a running axiom instance
  ax images select axiom-testy01-1710180715 # Select image named axiom-testy01-1710180715 to use for future ax init and ax fleet
  
  ax sizes ls  # List all available sizes (cpu and ram) to use for instances
  ax sizes select s-4vcpu-8gb # Select new default instance size to use for future axiom-init/axiom-fleet
  
  ax power on rez\* # Power on all instances in fleet 'rez'
  ax region ls  # List available regions
  ax region select nyc1 # Select region 'nyc1' (this updates ~/axiom.json with the new region)
Usage:
  account
   Select Axiom account (axiom-account)
  account-setup
   Start Axiom account setup wizard (axiom-account-setup)
  build
   Start Axiom build wizard (axiom-build)
  configure
   Display commands to manage the configuration of axiom (axiom-configure), install dependencies, kick off axiom-account-setup and axiom-build 
  deploy
   Deploy a profile stored in ~/.axiom/profiles/ (axiom-deploy)
  exec
   Evaluate shell one-liners or execute single commands on one or more instances in parallel (axiom-exec)
  fleet
   Display commands to manage fleets (axiom-fleet)
  images
   Create a new snapshot of a running axiom instance, select the new snapshot to deploy future axiom instances/fleets, get and delete images (axiom-images)
  init
   Display commands to manage initializing one axiom instance with differnet options, such as image, region, size and axiom deployment profiles (axiom-init)
  ls
   List all instances on the account (axiom-ls)
  power
   Display commands to manage powering on or off instances by name (axiom-power)
  region
   Display commands to list regions or select a region (axiom-region)
  rm
   Remove instances from the account (axiom-rm)
  scan 
   Display commands to manange the distribution of arbitrary binaries and scripts across fleets of Axiom instances (axiom-scan)
  scp
   Display commands used to upload and download files from fleets (axiom-scp)
  select
   Select instances to use for exec and fleet (axiom-select)
  sizes
   Manage the default instance size used by axiom-init or axiom-fleet (axiom-sizes)
  ssh
   Display commands to manage Axiom's ssh config file or connect to a specific Axiom instance (axiom-ssh)
  sync
   Make a copy of an instances home directoy and sync to your local filesystem (axiom-sync)
  update
   Run 'cd ~/.axiom && git pull' to update to the latest version! (axiom-update)
  <additional args>
   To pass additional arguments to the script, simply append them to the command!

ax configure

Setup and configure the axiom controller and validate cloud account

Description:
Examples:
  axiom-configure --setup # kick off Ax configuration wizard
  axiom-configure --shell zsh # Set default shell to zsh via command line
  axiom-configure --config <personal.json file> # Use personal.json from a file for account setup
  axiom-configure --config <personal.json string> # Use personal.json data supplied by command-line for account setup (must be vaild personal.json data wrapped in single quotes)
  axiom-configure --shell bash --unattended --config <path to personal.json file>  # Use bash for default shell, do not promot, use personal.json data from file for axiom setup
Usage:
  --setup (optional)
    Start axiom-configure wizard, install dependencies, kick off axiom-account-setup and axiom-build
  --config <axiom.json data>
    Setup account with data from file or supplied from the command line (must be vaild data from a personal.json axiom file)
  --unattended (optional)
    Avoid any promots, defaults to Oh My Zsh unless --shell argument is also provided
  --shell <bash, zsh, omz (Oh My Zsh)> (optional)
    Add axiom to path, backup .zshrc/.bashrc to .zshrcbak/.bashrcbak
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help
    Display this help menu

ax configure --setup

You can provide your config file before or after running axiom-configure.

axiom-configure --setup --shell bash --unattended --config ~/.axiom/accounts/do.json

ax build

Pick a Packer provisioner

You must run axiom-configure before anything else. This creates your axiom.json file which is required by other commands.

Description:
  axiom-build supports both legacy Packer JSON files as well as the new HCL format
  axiom-build combines a cloud provider's Builder (~/.axiom/images/$format/builders) with a Provisioner (~/.axiom/images/$format/provisioners)
  to generate the final Packer file (~/.axiom/images/$format/axiom.$format)
  Using Packer, axiom-build creates an image with the tools pre-installed, as defined by the chosen Provisioner
  choose between multiple Provisioners (barebones, default, reconftw, and extras) or bring your own (custom)

  axiom-build adds your SSH key to the image, allowing you to connect to instances created using the image
  by default, it creates and uses an SSH key located at ~/.ssh/axiom_ssh.pub, but you can specify a custom SSH key if needed
Examples:
  axiom-build --run # Kick off the interactive build wizard
  axiom-build default # Build a new Packer image using the Default Provisioner
  axiom-build barebones --debug # Build a new Packer image using the Barebones Provisioner, run with --debug
  axiom-build --ssh-key ~/.ssh/id_rsa.pub # Set a custom SSH key (default is SSH key in ~/.ssh/axiom_ssh.pub)
Usage:
  <provisioner> (optional)
    Name of provisioner to build, options are barebones, default, reconftw, extras or custom (provisioner must be located in ~/.axiom/images/$format/provisioners)
  --run (optional)
    Start axiom-build setup wizard
  --legacy (optional)
    Use legacy Packer JSON Builder and Provisioner instead of pkr.hcl
  --ssh-key <file to pub key> (optional)
    Build the image using a custom SSH key (instead of using the default ssh key axiom creates ~/.ssh/axiom_ssh.pub)
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

axiom-build default

You can provide your provisioner inline or after running axiom-build.

We currently offer four different base provisioner files, and 2 custom provisioner file to build images.
is our latest iteration of axiom provisioners. It comes with many tools installed and has been optimized for readability. Recommended for axiom-fleet.
provisioner includes all tools in ReconFTW and works with most modules. Recommended for ReconFTW.
is our decently secure base install, comes with Docker, Go-lang, Interlace and nmap installed. Recommended for templating.
has more tools installed than our Default provisioner

To use your own Provisioner, read .

ax images

Manage images/snapshots with axiom-images

Description:
  Manage images created by 'axiom-build' or 'axiom-images' with 'axiom-images'!
  After creating an image, list all images on the account 'axiom-images ls'
  Delete images on the account that are no longer needed 'axiom-images rm $image_name'
  Create a new image/snapshot from a deployed instance with 'axiom-images create' (list all deployed instances with 'axiom-ls')
  After the new image is created, or to switch to a different image on the account, select it with 'axiom-images select $image_name' to use for 'axiom-init/axiom-fleet'!
Examples:
  axiom-images ls # List all images on the account
  axiom-images get # Print details from ~/.axiom/axiom.sjon
  axiom-images rm axiom-default-1709878237 # Delete image named axiom-default-1709878237 from the account
  axiom-images create # Start 'axiom-images' image creation wizard
  axiom-images create testy01 # Skip image creation wizard and instead create image from testy01 instance
  axiom-images select axiom-barebones-1709944106 # Select image named axiom-barebones-1709944106 to use with future 'axiom-init/axiom-fleet'
Usage:
  ls (optional)
    List all images on the account 'axiom-images ls'
  get (optional)
    Print information about current account, equivalent to (cat ~/.axiom/axiom.json) 'axiom-images get'
  rm <required image name>
    Specify an image by name to delete (must be an image name from 'axiom-images ls')
  create <optional instance name>
    Kick off axiom-images creation wizard or specify an instance to create an image from 'axiom-images create $instance_name'
  select <required image name>
    Select a new image to use for future 'axiom-init/axiom-fleet', replaces 'imageid' in ~/.axiom/axiom.json with new 'imageid' (must be an image name from 'axiom-images ls')
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

axiom-images ls # List available images
axiom-images use <image name> # Replace image used for axiom-init/axiom-fleet with user provided image name 
axiom-images rm <image name> # Delete image by name
ax image create # kick off image creation wizard. Make a snapshot of a running ax instance to use for future ax init/ax fleet

ax init

Initialize a single instance

Description:
  Initialize one axiom instance with differnet options, such as image, region, size and axiom deployment profiles
Examples:
  axiom-init --run # provision instance with random name
  axiom-init --deploy desktop # provision instance with random name, then deploy axiom profile 'desktop'
  axiom-init testy01 # provision instance named testy01
  axiom-init stok01 --region nyc3 --image axiom-default-1635920849 --size s-1vcpu-2gb --deploy desktop --shell
Usage:
  <name> string (optional)
    Name of the instance, supplied as a positional first argument
  --run (optional)
    Create one instance with random name
  --image <image name>
    Manually set the image to use (default is imageid in ~/.axiom/axiom.json)
  --region <region>
    User specified region to use (default is region in ~/.axiom/axiom.json)
  --deploy <profile>
    Deploy a profile after initialization (e.g desktop, openvpn, bbrf, wireguard)
  --shell (optional)
    Connect to instance after initialization
  --size <vm size>
    VM size to use (default is size in ~/.axiom/axiom.json)
  --no-select (optional)
    Dont select instance after initialization (default is to select instance)
  --debug (optional)
    Run with set -xv, warning: very verbose
  --help
    Display this help menu

ax init <name> # Init
ax init --run # Init with random instance name
ax init <name> --deploy=<profile># Init and install deployment profile

the --deploy option allows you to install a deployment profile (stored in ~/.axiom/profiles/)

ax exec

Execute a command against one or many instances

Description:
  Evaluate shell one-liners or execute single commands on one or more instances in parallel
  Specify the fleet prefix, or let axiom use selected.conf by default (located in ~/.axiom/selected.conf)
  Execute command(s) from a detached tmux session on the remote instances
  Temporarily prevent axiom's SSH key regeneration and instead connect with a cached SSH config (default is ~/.axiom/.sshconfig)
Examples:
  axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
  axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet, automatically select all instances in fleet testy
  axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
  axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)
Usage:
  <commands> required string
    Command(s) to run on the remote axiom instances, multiple commands can be wrapped in single or double quotes, but not required
  -f/--fleet/--file <fleet prefix or list of instances from a file>
    Fleet prefix to execute on (default is ~/.axiom/selected.conf). Automatic wildcard support. Alternatively, can be a list of instances from a file (-f/--fleet/--file myinstances.txt)
  -i/--instance <instance name>
    Single instance to execute on
  --sshconfig <sshconfig_file> (optional string)
    Path to axiom's SSH config (default is ~/.axiom/.sshconfig)
  -q/--quiet (optional)
    Disable progress bar, and reduce verbosity
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --cache (optional)
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --logs (optional)
    Do not delete logs (logs will be stored in ~/.axiom/logs/exec/axiom-exec$TIMESTAMP)
  --quick (optional)
    A faster but less reliable execution
  --skip-preflight (optional)
    Do not automatically remove instances that cant be reached (default removes instances from the queue that cant be reached)
  --preflight-timeout <int>
    Specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default 5 seconds
  --help
    Display this help menu

  axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
  axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
  axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
  axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
  axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)

ax ssh

Connect to an instance

Description:
  axiom-ssh dynamically generates axiom's SSH config based on your cloud inventory.
  axiom-ssh allows you to connect to your axiom instances over their public or private network interface.
  axiom-ssh can drop you right into a freshly created tmux session on the remote instance, and can be used to
  attach to a preexisting tmux session.
  All additional SSH args (such as port-forwards) are passed to SSH binary.
Examples:
  axiom-ssh testy01 # SSH into instance testy01
  axiom-ssh testy01 --tmux mysession1 # SSH into instance testy01 and spawn or attach to tmux session named mysession1
  axiom-ssh --just-generate # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with public Ip details
  axiom-ssh --just-generate private # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with private Ip details
  axiom-ssh --just-generate cache # Permanently lock/cache axiom's ssh config so it never regenerates (to revert run axiom-ssh --just-generate)
  axiom-ssh testy01 -L 8080:127.0.0.1:8080 -D 4040  # Port-forward 8080 to local port 8080 and dynamically port foward port 4040 to testy01
Usage:
  <instance name> required string
    Instance name supplied as a positional first argument
  --mosh/-m <instance name> (optional)
    Connect with mosh
  --just-generate <public, private, cache/lock> (optional)
    Specify when to generate the SSH config file and what IPs to use. Options are public, private, cache/lock ( default is public )
  --tmux <tmux session name to create/attach to> (optional)
    Connect to your instance and start new tmux session or connect to one (default session name is 'main')
  --tmux-attach/-t <tmux session> (optional)
    Only attach to tmux session if session name exists. If tmux session doesnt already exist, this will error
  --cache (optional)
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu
  <additional args>
    All additional SSH args are passed to SSH. If you want additional arguments supplied to your command, simply append them to the command!
    example: axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040

axiom-ssh <name> #connects to list initialized instance
axiom-ssh <name> <ssh args>
axiom-ssh <name> --tmux
axiom-ssh <name> -m -t=main-15
axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040 # All additional SSH args are passed to SSH
axiom-ssh <name> --cache # Don't generate ssh config, just connect with cache
axiom-ssh --just-generate # Will populate the SSH config at ~/.axiom/.sshconfig with public IPs instances on the account
axiom-ssh --just-generate private # Will populate the SSH config at ~/.axiom/.sshconfig with private IPs instances on the account
axiom-ssh --just-generate cache # Will permanently avoid regenerating the SSH configs. To revert run: axiom-ssh --just-generate public or just axiom-ssh --just-generate

ax sizes

Change the default size (CPU/RAM) to use when creating instances and fleets

Description:
  Manage the default instance size used by 'axiom-init' or 'axiom-fleet' with 'axiom-sizes'!
  List all sizes the cloud provider has with 'axiom-sizes ls' and select a new one with 'axiom-sizes select $new_size' 
  All this does is replaces the .default_size in ~/.axiom/axiom.json with a new size
Examples:
  axiom-sizes ls # List all sizes the cloud provider offers
  axiom-sizes select Standard_F2 # Set a new default instance size to use with future 'axiom-init/axiom-fleet'
  axiom-sizes select 2,8192 # For ibm cloud, supply comma separated ram,cpu or cpu,ram values
  axiom-sizes default # Restore instance size to the default
Usage:
  ls (optional)
    List all available instance sizes 'axiom-images ls'
  get (optional)
    Print information about currently used instance size, equivalent to (cat ~/.axiom/axiom.json) 'axiom-sizes get'
  select <required insntance size name>
    Select a new instance size to use for future 'axiom-init/axiom-fleet', replaces 'default_size' in ~/.axiom/axiom.json with new 'default_size' (must be valid instance size from 'ax sizes ls')
  default (optional)
    Restore the default instance size 'axiom-sizes default'
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

ax sync

Make a copy of an instances home directory

Usage of axiom-sync
Description: Make a copy of an instances home directoy and sync to your local filesystem.
Example Usage: axiom-sync instance01 instance02
  <instance> string
    Instance name you wish to backup
  --help (optional)
    Displays this menu

axiom-sync <name> # Backup the home directory of an initialized instance to the local filesystem

This allows you to download a copy of everything in an axiom instance to the local filesystem

ax power

Power on, off and reboot instances and fleets with axiom-power.

Usage: axiom-power on 'rez\*'  #turns on instances starting with 'rez'
axiom-power off '\*'    #turns off all instances
Examples:
on                             Power on instance by instance name
off                           Power off instance by instance name 
reboot                           Reboot instance by instance name
help | --help | -h                           Print this help menu

axiom-power on 'rez\*' # Power on all instances in fleet named rez
axiom-power off 'rez\*' # Power off rez fleet
axiom-power reboot 'rez\*' # Reboot rez fleet

ax ls

List all instances on the account

ax ls

ax rm

Remove one or more axiom instances

axiom-rm <name> # Delete box by specifying the name
axiom-rm <name> -f # Forcibly delete box by specifying the
axiom-rm <name>\* # Delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm <name>\* -f # Forcibly delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm '\*' # Delete all instances on the account. Must be wrapped in single quote and escape the asterisk. 
axiom-rm '\*' -f # Forcibly delete all instances on the account. Must be wrapped in single quote and escape the asterisk.

ax region

Switch to a new region

axiom-region ls # lists regions
axiom-region select <region> # select region
axiom-region select ams2

ax account-setup

Choose your cloud provider and setup your ax profile (~./axiom/accounts/$profile.json)

ax account-setup

ax account

Manage user accounts

axiom-account-setup # Setup a new account
axiom-account # No args, list available accounts
axiom-account <account> # Select/Switch to the specified account

ax account # list all account profiles
ax account do # switch to profile DO. Profile must be valid ax json in ~/.axiom/accounts/$profile.json

ax scp

Copy files to and from instances. Optionally, split a file and distribute to all hosts.

Description:
  axiom-scp supports downloading and uploading files or folders to fleets of axiom instance or single instances
  axiom-scp optionally allows splitting a local file across a fleet of instances
  axiom-scp supports globbing to expand the instance names from a fleet prefix
  when the literal string '$name' is in the command, axiom-scp automatically interpolates the instances name
Examples:
  axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates  # Upload a local folder to all instances in myfleet
  axiom-scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt # Upload local file to all instances in myfleet
  axiom-scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt --split # Split and upload local wordlist to all instances in myfleet
  axiom-scp testy01:/home/op/download-file.txt download-file.txt # Download file from a single instance named testy01
  axiom-scp 'testy*':/home/op/results.txt '~/home/localuser/folder/$name.txt' # Download file from all instances in testy fleet,
  when using '$name', it must be wrapped in single quotes and gets interpolated from the instance name
Usage:
  --split (optional)
    Split the local file depending on the size of the fleet, equally distribute the file across the fleet
  --sshconfig <path to custom ssh config> (optional)
    Path of custom SSH config file to use (default uses sshconfig in ~/.axiom/.sshconfig)
  --cache (optional)
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --debug (optional)
    Enable debug mode (VERY VERBOSE!)
  --help (optional)
    Display this help menu

Copy a remote file from all instances in myfleet to local file. '$name' must be wrapped single quotes. '$name' is a required literal string and gets interpolated from the instance name.

axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt'

Copy a remote folder from all instances in myfleet to local folder. '$name' must be wrapped single quotes. '$name' is a required literal string and gets interpolated from the instance name.

axiom-scp 'myfleet*':/home/op/myfile/ '~/local/folder/$name'

Copy a remote file from one instance 'myfleet05' to a local file

axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt'

Copy a local file to all instances in myfleet, for example uploading a custom wordlist

axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt

Copy a local folder to all instances in myfleet, for example uploading a folder of custom nuclei templates

axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates

Split and upload local wordlist to all instances in myfleet

   axiom-scp custom-wordlist.txt 'myfleet*':/home/op/custom-wordlist.txt --split

ax select

Select what instances to use for exec, scp and fleet

axiom-select '<instance>'
axiom-select 'testy\*'  # Testy is an example of a fleet

ax deploy

Deploy a profile

Usage of axiom-deploy
Example Usage: axiom-deploy openvpn jerry01
  <profile> <instance>
    Name of the instance, supplied as a positional first argument
  --cache
    Use SSH cache (works if recently interacted with)
  --remove
    Uninstall the profile
  --list
    List profiles
  --help
    Display this help menu

axiom-deploy desktop <instance name> # Install desktop on initialized instance  
axiom-deploy covenant <instance name> # Install covenant on initialized instance  
ax deploy --list # list all available deployment profiles

All profiles can be found in ~/.axiom/profiles

PreviousTeardown Instances NextBring Your Own Provisioner

Last updated 7 months ago