Closed Hax0rG1rl closed 2 years ago
@Hax0rG1rl the default module can be a little confusing, I believe this is a horizontally scaling module. The way it’s supposed to work is:
axiom-scan mylocalwordlist.txt -m gobuster-dns yahoo.com
Where you’ll spilt a local wordlist and use the combined power of the fleet to brute force a signaler target ( specified in the command line or you can hardcore the target directly in the module), in this case yahoo.com.
i should be able to make you a module that fits your needs, as long as I know the following:
what is the contents of 3.txt ( three root/target domains)? Is mylist.txt a list of words to use for brute forcing? If not what is it? What are you looking to accomplish?
Apologies for my delayed response.
So:
I am trying to use axiom's feature and load balance the subdomain brute forcing.
@Hax0rG1rl Try this
[{
"command":"/usr/bin/gobuster dns -q -w _wordlist_ -o output/_cleantarget_ -d _target_",
"ext":"dir",
"threads":"1"
}]
axiom-scan 3.txt -m gobuster-new-dns -wD mywordlist.txt
if you want to upload the entire wordlist (instead of splitting and uploading), try
axiom-scan 3.txt -m gobuster-new-dns -wL mywordlist.txt
i haven’t gotten a chance to try it yet but pretty confident it will work, but lmk if it doesn’t (include all terminal output if it doesn’t work, please and thank you).
The above is a “one-shot” module. Its useful when the tool doesn’t support taking a list of targets as an input file. Our Whois module is another example of a simple “one-shot” module. https://github.com/pry0cc/axiom/blob/master/modules/whois.json
Hey,
It seems to work so far. Thank you!
Hi Octavian,
So:
- 3.txt contains a list of domains I am looking to scan
- mylocal list is a large words list for domain brute-force
I am looking to use the axiom split the workload concept and expedite the brute force subdomain discovery supplying a list of root domains.
And thank you very much!
Sent from ProtonMail mobile
-------- Original Message -------- On Apr 14, 2022, 17:47, Octavian [Masked] < @.***> wrote:
Preview: @Hax0rG1rl the default module can be a little confusing, I be --> SPAM? CLICK to BLOCK
This email is Masked using Blur - it was sent from github.com to @.*** (your reply stays Masked). To protect your privacy, do not forward this message, or add new recipients like CCs or BCCs.
Thanks for being a Blur customer! If you haven't yet, [ Try DeleteMe at a discount. ]
@.***Hax0rG1rl the default module can be a little confusing, I believe this is a horizontally scaling module. The way it’s supposed to work is:
axiom-scan mylocalwordlist.txt -m gobuster-dns yahoo.com
Where you’ll spilt a local wordlist and use the combined power of the fleet to brute force a signaler target ( specified in the command line or you can hardcore the target directly in the module), in this case yahoo.com.i should be able to make you a module that fits your needs, as long as I know the following:
what is the contents of 3.txt ( three root/target domains)? Is mylist.txt a list of words to use for brute forcing? If not what is it? What are you looking to accomplish?
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
Hi,
I am trying to use the axiom's gobuster-dns module this way,
axiom-scan 3.txt -m gobuster-dns --fleet [my_fleet_name] -wD mylist.txt
However, I get this error message:
Any idea what I am doing wrong here?
Thanks!