pry0cc / axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
MIT License
4.06k stars 645 forks

Axiom-scan commands not working #548

Closed ghost closed 2 years ago

ghost commented 2 years ago

@pry0cc @0xtavian Please help, I want to run this single template and I'm not able to run it.

Also, I have my custom templates in this path: /root/custom-templates. How can I run my custom templates?

axiom-scan ~/target/subs_httpx -m nuclei --nuclei-templates /root/nuclei-templates/cves/2020/CVE-2020-0XXX.yaml -o nuclei.txt

axiom-scan ~/target/subs_httpx -m nuclei -wL /root/custom-templates/CVE-2020-0XXX.yaml -o nuclei.txt

0xtavian commented 2 years ago

To upload a folder of nuclei templates use --nuclei-templates. To upload a single template use -wL. If you are still having issues, post the command and terminal output.

ghost commented 2 years ago

Two templates are available in this folder, /root/nt, but I'm getting an error like no valid templates were found.

~ axiom-scan ~/target/target_subs_httpx -m nuclei --nuclei-templates /root/nt -o nucleint

creating scan working directory at : /home/op/scan/nuclei+1651301765/
uploading local folder ( nuclei-templates ) : /root/nt to /home/op/scan/nuclei+1651301765/nt...
custom folder uploaded successfully!
module: [ nuclei ] | module args: [ ] | input: [ 10 lines ] | instances: 5 [ bounty01 bounty02 bounty03 bounty04 bounty05 ] | command: [ /home/op/go/bin/nuclei -silent -update ; cat input | /home/op/go/bin/nuclei -t /home/op/scan/nuclei+1651301765/nt -o output ] | ext: [ txt ] | threads: [ null ]
spliting and distributing input file... [ OK ]

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!

@pry0cc @0xtavian I'm getting an error like [FTL] Could not run nuclei: no valid templates were found.

0xtavian commented 2 years ago

Can you ssh into an instance, cd into the scan working directory, check if the templates were uploaded and try running the command manually?

absane commented 2 years ago

Wanted to jump in to say that I am also having issues with axiom-scan. Basically, I can't get it to work for nmap. I've installed Axiom twice now, one within a VM and another with Docker. In both installs, I had issues with Interlace not working with Python 3.10, which I think I fixed. When I run this command, it seems that everything worked:

axiom-scan test.txt -m nmap -sT -p- -sV -v --open -oA nmap -sC

The output claims that Axiom is doing something, but after it exits I get no scan results. When I SSH to the Axiom server and check the scan folder, all the files exist but are empty, including the "command" file that I would expect to have the commands I sent.

When I try the nmapx module, I have better luck actually seeing the command get executed on the server. However, after scanning a few ports the nmap process just hangs, using no CPU cycles.

I've got no idea where to go from here.

0xtavian commented 2 years ago

@absane can you show me the nmap module?

0xtavian commented 2 years ago

Are you seeing any errors running axiom-exec id? If so, you might need to follow this temp workaround if using axiom docker (https://github.com/pry0cc/axiom/issues/555). If you are running Ubuntu 20.04 for your axiom controller, you don't need the temp workaround. What is your base OS?

Edit: What did you do to fix the Interlace issue? That's likely the problem. Can you upload a copy of axiom-scan debug output?

axiom-scan test.txt -m nmap -sT -p- -sV -v --open -oA nmap -sC --debug --cache

Also, to use -oA you'll need to edit the nmap module

➜  ~ cat .axiom/modules/nmap.json 
[
        {
                "command":"sudo nmap -iL input -oA output/output",
                "ext":"dir"
        },
        {
                "command":"sudo nmap -iL input -oG output",
                "ext":"txt"
        },
        {
                "command":"sudo nmap -iL input -oX output",
                "ext":"xml"
        }
]
➜  ~ cat input                                        
tesla.com
microsoft.com
google.com

➜  ~ axiom-scan input -m nmap -oA test                
setting output directory to: 'test'
              _
  ____ __  __(_)___  ____ ___        ______________ _____                                                                                                                                                       
 / __ `/ |/_/ / __ \/ __ `__ \______/ ___/ ___/ __ `/ __ \                                                                                                                                                      
/ /_/ />  </ / /_/ / / / / / /_____(__  ) /__/ /_/ / / / /                                                                                                                                                      
\__,_/_/|_/_/\____/_/ /_/ /_/     /____/\___/\__,_/_/ /_/                                                                                                                                                       

                                    @pry0cc                                                                                                                                                                     
                                 & @0xtavian                                                                                                                                                                    

creating scan working directory at : /home/op/scan/nmap+1653603728/
module: [ nmap ] | module args: [  ] | input: [ 3 lines ] |
instances:  3  [ austin01 austin02 austin03 ] |                                                                                                                                                                 
command: [ sudo nmap -iL input -oA output/output ] | ext: [ dir ] | threads: [ null ]                                                                                                                           
spliting and distributing input file...                                                                                                                                                                         
[ OK ]
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-26 22:22 UTC
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-26 22:22 UTC
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-26 22:22 UTC
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 22:22 (0:00:00 remaining)
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 22:22 (0:00:00 remaining)
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 22:22 (0:00:00 remaining)
Nmap scan report for google.com (172.217.5.110)
Host is up (0.0018s latency).
Other addresses for google.com (not scanned): 2607:f8b0:4005:808::200e
rDNS record for 172.217.5.110: sfo03s07-in-f14.1e100.net
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.72 seconds
Nmap scan report for tesla.com (96.16.108.43)
Host is up (0.14s latency).
Other addresses for tesla.com (not scanned): 184.50.204.169 104.86.104.55 23.201.26.71 104.89.119.127 184.30.18.203
rDNS record for 96.16.108.43: a96-16-108-43.deploy.static.akamaitechnologies.com
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 10.26 seconds
Nmap scan report for microsoft.com (20.103.85.33)
Host is up (0.15s latency).
Other addresses for microsoft.com (not scanned): 20.84.181.62 20.112.52.29 20.53.203.50 20.81.111.85
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 10.69 seconds
austin02 scan finished
austin03 scan finished
austin01 scan finished
Mode set to directory... Merging directories...
Appending axiom-scan runtime statistics to : /home/kava/.axiom/stats.log
module: [ nmap ] | module args: [  ] | instances: [ 3 ] | targets: [ 3 targets ] | results: [ 9 results ] |
runtime: [ 00h:00m:38s ] | date: [ Thu May 26 22:22:08 UTC 2022 ] | id: [ nmap+1653603728 ] |                                                                                                                   
output: [ /home/kava/test ] | log: [ /home/kava/.axiom/logs/nmap+1653603728 ] | remote: [ /home/op/scan/nmap+1653603728 ]  |                                                                                    
command: [ sudo nmap -iL input -oA output/output ] | ext: [ dir ] | threads: [ null ]                    

➜  ~ ls test/merge 
output.gnmap  output.gnmap.~1~  output.gnmap.~2~  output.nmap  output.nmap.~1~  output.nmap.~2~  output.xml  output.xml.~1~  output.xml.~2~

absane commented 2 years ago

Running commands directly with axiom-exec id works just fine. So, I can manually kick off nmap that way.

Base OS for the VM I tried was Kali Linux. For the Docker, I am running that in Windows. Both give the same exact problems. Both are also using the Axiom as I did a fresh install a few hours ago.

I found the workaround to the Interlace issue I was initially having at this issue comment.

I just now edited .axiom/modules/nmap.json and I think that actually solved my problem, in combination with the Interlace workaround. I am trying different scan options and they all seem to work now. When I did the --debug option, I did see an error at the bottom stating that the nmap files could not be created/accessed, which is what broke the whole thing. It's clear as to why now.

I don't know why I didn't think of it before, but also I think maybe in the past the -oA option was supported indirectly, or my memory is misleading me. Either way, it seems to work now.

Much appreciated!
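A lint for the module format discussed in this thread, added here as an example (not code from axiom or from any commenter): it checks a module file before a scan so a missing `"ext":"dir"` entry shows up locally instead of as empty output files. It assumes a module is a JSON array of `command`/`ext` entries that use the `input` and `output` placeholders, as in the `nmap.json` posted above, and that `-oA` selects the `dir` entry as that run shows; `lint_module` and the two sample strings are hypothetical names.

```python
import json

# The nmap module as posted in the thread.
PAGE_MODULE = """[
  {"command":"sudo nmap -iL input -oA output/output","ext":"dir"},
  {"command":"sudo nmap -iL input -oG output","ext":"txt"},
  {"command":"sudo nmap -iL input -oX output","ext":"xml"}
]"""

# Constructed sample: the same module without the "dir" entry.
CONSTRUCTED_NO_DIR = """[
  {"command":"sudo nmap -iL input -oG output","ext":"txt"},
  {"command":"sudo nmap -iL input -oX output","ext":"xml"}
]"""


def lint_module(text, wanted_ext=None):
    """Return a list of problems found in a module definition (empty = OK)."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(entries, list) or not entries:
        return ["module must be a non-empty JSON array of entries"]
    problems, seen = [], {}
    for i, entry in enumerate(entries):
        cmd = entry.get("command") if isinstance(entry, dict) else None
        ext = entry.get("ext") if isinstance(entry, dict) else None
        if not isinstance(cmd, str) or not isinstance(ext, str):
            problems.append(f"entry {i}: needs string 'command' and 'ext'")
            continue
        tokens = cmd.split()
        if "input" not in tokens:
            problems.append(f"entry {i}: command never reads 'input'")
        if not any(t == "output" or t.startswith("output/") for t in tokens):
            problems.append(f"entry {i}: command never writes 'output'")
        # Assumption drawn from the posted module: a "dir" entry writes
        # its files inside an output/ directory (output/output).
        if ext == "dir" and not any(t.startswith("output/") for t in tokens):
            problems.append(f"entry {i}: ext 'dir' but nothing written under output/")
        if ext in seen:
            problems.append(f"entry {i}: duplicate ext '{ext}' (also entry {seen[ext]})")
        seen[ext] = i
    if wanted_ext is not None and wanted_ext not in seen:
        problems.append(f"no entry with ext '{wanted_ext}' (have: {sorted(seen)})")
    return problems


if __name__ == "__main__":
    for name, text in (("page", PAGE_MODULE), ("no-dir", CONSTRUCTED_NO_DIR)):
        print(name, lint_module(text, wanted_ext="dir") or "OK")
```
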