wiki
  • πŸ‘‹Welcome to the Ax Framework Wiki
  • Overview
    • βœ…Existing Users
    • πŸ’ΏInstallation Guide
    • πŸ’»Ax Controller
    • πŸ’‘How it Works
  • Fundamentals
    • πŸ› οΈAx Utility Scripts
    • πŸ”ŽBring Your Own Provisioner
    • βš”οΈFleets
    • πŸš€Scans
      • πŸ€–Modules
        • πŸ“€Adding Simple Modules
        • 🎯Adding One-Shot Modules
        • πŸ“ŽMerging and Module Extensions
      • βš™οΈHorizontal vs Vertical Scaling
    • 🀝Responsibility
    • πŸ“–Terminology
Powered by GitBook
On this page
  1. Fundamentals
  2. Scans
  3. Modules

Adding Simple Modules

You can install tools either before or after spinning up your fleet. If you already have a fleet, simply execute ax exec. This command also works for updates. For example, to update Nuclei templates, run ax exec nuclei -update-templates. To install a package with apt-get, execute ax exec sudo apt-get install [package-name] -y.

Adding tools to the packer build is only slightly more complicated. First, add the installation command(s) to one of the provisioner files under the inline object. The commands must be non-interactive, wrapped in double quotes, and end with a comma for all lines except the last (i.e it needs to be valid JSON). If you need an additional set of double quotes, make sure to escape them. Next, run ax build to create the new packer image with your tools installed.

Creating a module is also easy. Let's use dnsx as an example. Dnsx is a prime choice because it outputs to plaintext (expressed here) which is simple to handle, and the results are returned one line per target without needing to be in a specific order, making them easy to merge.

[
  {
    "command": "cat input | /usr/bin/dnsx -silent -r /home/op/lists/resolvers.txt -o output",
    "ext": "txt"
  }
]

With ax scan, every instance executes the same command specified in the module. Ax scan splits the user-provided target list (e.g., a list of IPs) into equal parts per instance. For example, if you have 5 instances, the target list is divided into 5 equal parts and uploaded to the appropriate instance. During this process, all files are renamed to "input". Each instance uses its "input" file, which is one portion of the total target list. This is crucial because all modules must include "input" for ax scan to locate the target list.

Just as the module must have a file named "input", it must also have a file named "output" for the results. To download results from each instance, ax scan uses rsync via SSH to retrieve a file named "output" from each instance. The output files are then merged into one and renamed based on a user-provided argument.

For tools that only output to STDOUT and not to a file, avoid using > to redirect the output. Instead, pipe the STDOUT to tee and save it to a file named "output" using tee output.

Here’s a breakdown of the example command:

"cat input | /usr/bin/dnsx -silent -r /home/op/lists/resolvers.txt -o output"

  • cat input: Reads the portion of the target list assigned to this instance.

  • /usr/bin/dnsx -silent -r /home/op/lists/resolvers.txt: Runs the dnsx binary with the specified resolver list.

  • -o output: Writes the results to a file named "output".

  • "ext": "txt": Specifies that the output file extension is "txt".

PreviousModulesNextAdding One-Shot Modules

Last updated 4 months ago

πŸš€
πŸ€–
πŸ“€