# Horizontal vs Vertical Scaling

## Horizontal vs Vertical Scaling with ax scan

While most modules are designed to scan a lot of targets (horizontal scaling), with some creativity, modules can be written to scan one target with the combined power of the entire fleet (vertical scaling).

With `ax scan` [modules](https://github.com/attacksurge/ax/tree/master/modules), most of the time we are splitting a target list (a bunch of IPs for example) and uploading parts of the target list to every instance, but if we wanted to do something like brute-force one target with five axiom instances, we can do that by splitting a wordlist instead.

By rearranging the special `input` file in the module to point to a wordlist instead of a target list, `ax scan` will split the wordlist and run it against the target you hardcoded in the module or specified in the command-line.

### Horizontal Scaling - One to Many

The following puredns module spits a target list of domains and brute-forces each domain with the entire wordlist.

```
[
  {
    "command":"/home/op/go/bin/puredns bruteforce /home/op/lists/seclists/Discovery/DNS/dns-Jhaddix.txt --domains input --resolvers /home/op/lists/resolvers.txt | tee output",
    "ext":"txt"
  }
]
```

Example: `ax scan myrootdomains.txt -m puredns-bruteforce -o myresults`<br>

#### `_wordlist_`

Adding the special `_wordlist_` variable in the module allows `ax scan` to change the wordlist if `-w` is present the command line, but not required. This is only included to demonstrate the optional `_wordlist_` variable.

```
[
  {
    "command":"/home/op/go/bin/puredns bruteforce _wordlist_ --domains input --resolvers /home/op/lists/resolvers.txt | tee output",
    "ext":"txt",
    "wordlist":"/home/op/lists/seclists/Discovery/DNS/dns-Jhaddix.txt"
  }
]
```

Example: `ax scan myrootdomains.txt -m puredns-bruteforce -w /home/op/lists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -o myresults`

Both modules above are examples of horizontal scaling. We take the target list of domains e.g. `myrootdomains.txt`, split and upload parts of the target list to every instance and brute-force the targets with the entire wordlist.

### Vertical Scaling - Many to One

If we wanted to vertically scale e.g targeting one host with the combined power of the entire fleet, lets look at the next example:

```
[
  {
    "command": "/home/op/go/bin/puredns bruteforce input --resolvers /home/op/lists/resolvers.txt tesla.com | tee output",
    "ext": "txt"
  }
]
```

Example: `ax scan bitquark-subdomains-top100000.txt -m puredns-single -o myresults`

In the above example, we are hardcoding the target tesla.com directly into the module. More importantly, the special file `input` is now positioned as a wordlist. When running the `ax scan` command we must pick a wordlist as our first positional argument to split and upload.<br>

Alternatively, you could have a module without the hardcoded target and instead specify the target in the command line:

```
[
  {
    "command":"/home/op/go/bin/puredns bruteforce input --resolvers /home/op/lists/resolvers.txt | tee output",
    "ext":"txt"
  }
]
```

Example: `axiom-scan bitquark-subdomains-top100000.txt -m puredns-single tesla.com -o myresults`\
The last two modules are examples of vertical scaling. We take a wordlist, e.g. `bitquark-subdomains-top100000.txt`, split it and upload parts of the wordlist to every instance. All instances brute-force a singular target .e.g. `tesla.com`.

For another example of a vertical scaling module take a look at [gobuster-dns](https://github.com/pry0cc/axiom/blob/master/modules/gobuster-dns.json).

### Vertical and Horizontal Scaling - Many to Many

TODO


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ax.attacksurge.com/fundamentals/scans/horizontal-vs-vertical-scaling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.