# Adding Simple Modules You can install tools either before or after spinning up your fleet. If you already have a fleet, simply execute `ax exec`. This command also works for updates. For example, to update Nuclei templates, run `ax exec nuclei -update-templates`. To install a package with apt-get, execute `ax exec sudo apt-get install [package-name] -y`. Adding tools to the packer build is only slightly more complicated. First, add the installation command(s) to one of the [provisioner](https://github.com/attacksurge/ax/tree/master/images/provisioners) files under the inline object. The commands must be non-interactive, wrapped in double quotes, and end with a comma for all lines except the last (i.e it needs to be valid JSON). If you need an additional set of double quotes, make sure to escape them. Next, run `ax build` to create the new packer image with your tools installed. Creating a module is also easy. Let's use [dnsx](https://github.com/attacksurge/ax/blob/master/modules/dnsx.json) as an example. Dnsx is a prime choice because it outputs to plaintext (expressed [here](https://github.com/attacksurge/ax/blob/master/modules/dnsx.json#L3)) which is simple to handle, and the results are returned one line per target without needing to be in a specific order, making them easy to merge. ``` [ { "command": "cat input | /usr/bin/dnsx -silent -r /home/op/lists/resolvers.txt -o output", "ext": "txt" } ] ``` With ax scan, every instance executes the same command specified in the module. Ax scan splits the user-provided target list (e.g., a list of IPs) into equal parts per instance. For example, if you have 5 instances, the target list is divided into 5 equal parts and uploaded to the appropriate instance. During this process, all files are renamed to "input". Each instance uses its "input" file, which is one portion of the total target list. This is crucial because all modules must include "input" for ax scan to locate the target list. Just as the module must have a file named "input", it must also have a file named "output" for the results. To download results from each instance, ax scan uses rsync via SSH to retrieve a file named "output" from each instance. The output files are then merged into one and renamed based on a user-provided argument. For tools that only output to STDOUT and not to a file, avoid using `>` to redirect the output. Instead, pipe the STDOUT to `tee` and save it to a file named "output" using `tee output`. Here’s a breakdown of the example command: ``` "cat input | /usr/bin/dnsx -silent -r /home/op/lists/resolvers.txt -o output" ``` * `cat input`: Reads the portion of the target list assigned to this instance. * `/usr/bin/dnsx -silent -r /home/op/lists/resolvers.txt`: Runs the dnsx binary with the specified resolver list. * `-o output`: Writes the results to a file named "output". * `"ext": "txt"`: Specifies that the output file extension is "txt". --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ax.attacksurge.com/fundamentals/scans/modules/adding-simple-modules.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.