Problem using Linode instances

[pdelteil]

I've been running axiom-scan using linode instances and I constantly face the following issue:

One or more instances have a very low performance, for instance, using nuclei some instances run at 140 RPS (requests per second) while others run at 5 or less RPS. I've recreated the instances and I can't figure out why this is happening. I didn't have this type of issues using Digital Ocean.

Is anyone having the same issue?

[0xtavian]

@pdelteil thanks, I think the issue was related to the ulimits we set. they were just maxed out. so any process could probably over-consume resources and cause the remote instances to grind to a halt, maybe. thats one possible idea for why this happens. Make sure u do axiom-update and it will require a rebuild (axiom-rebuild). Let me know if this continues to happen. Im going to close this issue but feel free to open it back up if you experience the same issue

[pdelteil]

Hello @0xtavian,

That change seems to fix the problem I was having. The RPS are similar in all the instances.

So, thanks so much.

[pdelteil]

Hello @0xtavian, I recently updated and rebuilt axiom, the instances are running at 100% but the RPS is only between 4-8. I used a lower rate limit for the nuclei scans with no change.

What should I check ?

[0xtavian]

@pdelteil thats not axiom-scan right? I would use axiom-scan instead of axiom-exec to kick off scan. I would delete and rebuild your fleet either way. There could be orphaned processes in the background causing overconsumption of resources. you could also try rebooting the entire fleet and trying again. LMK if that fixes it

[pdelteil]

Yes, it's axiom-scan. Also having problems with the normal output (some instances just stopped showing up on the stats).

I noticed the load was 0 after stopping the scan, still I will try restarting everything.

[0xtavian]

@pdelteil can you post the module you are using and the command you are running?

[pdelteil]

Sure,

axiom-scan $file -m nuclei -stats -si 180 -t /home/op/nuclei-templates/template.yaml

[0xtavian]

@pdelteil and the exact module please

[pdelteil]

Hi, isn't nuclei the module? (or you mean template? )

[0xtavian]

Also dont specify -t use -w instead. Using -w will correctly overwrite the default "wordlist" that we use for nuclei default template path. We rewrite the -w to -t so nuclei can understand it ofc. If there is no default wordlist but a module is expecting it (like nuclei), it will replace it with a default wordlist seclist/Discovery/Web-Content/common.txt. I hope that makes sense. And i mean the axiom module. Also just be mindful that in your previous command you didnt specify an output file

[0xtavian]

Also that output looks very odd. My axiom-scan doesnt look like that at all, so im not sure what thats about.

[0xtavian]

@pdelteil During the beginning of the scan you'll see the axiom-scan logo and under it you'll see the command that is actually passed to nuclei on the remote instance. After testing by removing the "wordlist" in the axiom module and only specifying one template in the command line, like you did. you can see in the final command that gets past to the instances is:

"/home/op/go/bin/nuclei -silent -update-templates ; cat input | /home/op/go/bin/nuclei -t /home/op/lists/seclist/Discovery/Web-Content/common.txt -o output -t /home/op/mytemplates/template.yaml"

when this happens I am also seeing very hire RPS (30-50). I think this is your issue. I will try to come up with a fix so that users can use -t in nuclei as expected. In the meantime just use -w to point to a wordlist or edit the module](https://github.com/pry0cc/axiom/blob/master/modules/nuclei.json) directly and change it from there. . Thanks for bringing this to our attention 8)

[pdelteil]

Also that output looks very odd. My axiom-scan doesnt look like that at all, so im not sure what thats about.

I'm sorry @0xtavian. The output is a tail -n 1 * on the log folder. The regular output was not working correctly, probably because of a overload on the droplets.