Adding One-Shot Modules

Ax supports two types of scan modules: Simple Modules and One-Shot Modules. If a module contains the string _target_ or _safe-target_, ax scan will execute it as a One-Shot Module.

One-Shot Modules utilize Interlace to convert single-threaded command-line applications into fast, multi-threaded applications. Specifically, ax scan uses Interlace (created by codingo and sml555) to manage threading for any binary or script.

Here's an example of a One-Shot Module and its benefits:

[
  {
    "command": "/home/op/go/bin/ffuf -w _wordlist_ -u _target_/FUZZ -of csv -o output/_cleantarget_ -ac",
    "wordlist": "/home/op/lists/seclists/Discovery/Web-Content/big.txt",
    "ext": "csv",
    "threads": "1"
  }
]

Some tools only accept one target at a time rather than a list of targets from a file. This is a prime example of why One-Shot Modules are beneficial.

Typically, ax scan splits a target list (e.g., IPs or URLs) and uploads parts to each instance in the fleet, renaming all parts to "input". Instead of using a One-Shot Module, you could use a Simple Module with a bash loop, like this:

[
  {
    "command": "for i in $(cat input); do ffuf -w _wordlist_ -u $i/FUZZ -of csv -o output/$(echo $i | tr -d ':' | tr -d '/') -ac; done",
    "wordlist": "/home/op/lists/seclists/Discovery/Web-Content/big.txt",
    "ext": "dir"
  }
]

The above command is valid syntax, and ax scan can execute any bash command you supply, including loops and sub-shells (as long as its valid JSON). However, notice that the output requires cleaning to remove colons and forward slashes from the HTTPS scheme, as files can't contain these characters. This method also doesn't support easy threading.

This is where Interlace is useful. By integrating Interlace, we have enabled easy threading for Ax modules. To specify the number of threads, simply add the desired number next to "threads" in the JSON object.