pry0cc / axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
MIT License

Axiom breaks with DO if any droplet has a reserved IP #613

Open sudo-jtcsec opened 1 year ago

sudo-jtcsec commented 1 year ago

After spinning up a new DO fleet, I kept getting sshconfig errors when launching scans such as below:

/root/.axiom/tmp/gau+16631043189022/sshconfig line 7: no argument after keyword "167.172.x.y"
/root/.axiom/tmp/gau+16631043189022/sshconfig: terminating, 2 bad configuration options
error with number of instances, exiting

Looking at my .axiom/.sshconfig file, I found an entry was scuffed:

Host recon-automation-manager-vm
        HostName 137.184.x.y
167.172.x.y
167.172.x.y
        User op
        Port 2266

The issue persisted after I fixed the config file manually - I'm assuming it's checked in the background and will repush the bad config.

More investigation shows that for a DO droplet not in my fleet I configured a reserved IP, which I believe is being returned in a query for VM IPs as an unexpected additional entry, which then breaks the sshconfig generation.

thapr0digy commented 1 year ago

Just recently ran into this, but also think it might be good to only create new sshconfig for droplets that have been created by axiom. I worked around this by creating a new "instances_axiom()" function in do-functions.sh. I'll try and submit a PR.
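
One way to guard sshconfig generation against the multi-address field reported above, as an added example that is not part of this thread or axiom's own code. The names `emit_host_block` and `lint_sshconfig` are hypothetical, the sample addresses are constructed documentation-range values, and taking the first address as the instance's own is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not axiom's code); function names are hypothetical.

# Emit one Host block. $2 may hold several newline-separated addresses
# (the failure mode in this issue); only the first IPv4-shaped line is used.
# Assumption: the first address listed is the instance's own.
emit_host_block() {
    local name="$1" ips="$2" user="$3" port="$4" ip
    ip=$(printf '%s\n' "$ips" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | head -n 1)
    [ -n "$ip" ] || return 1   # refuse to write a block without an address
    printf 'Host %s\n\tHostName %s\n\tUser %s\n\tPort %s\n' "$name" "$ip" "$user" "$port"
}

# Lint a generated sshconfig: every non-blank line needs "Keyword argument",
# and every Host block needs exactly one HostName. Exit status 1 on any finding.
lint_sshconfig() {
    awk '
        function check() {
            if (host != "" && n != 1) { printf "%s: %d HostName entries\n", host, n; bad = 1 }
        }
        NF == 0 || $1 ~ /^#/ { next }
        NF < 2 { printf "line %d: no argument after keyword \"%s\"\n", NR, $1; bad = 1; next }
        tolower($1) == "host" { check(); host = $2; n = 0; next }
        tolower($1) == "hostname" { n++ }
        END { check(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: an address field carrying extra entries.
SAMPLE_IPS='203.0.113.10
198.51.100.7
198.51.100.7'

demo() {
    local tmp; tmp=$(mktemp)
    # Naive templating reproduces the malformed block shown in the issue.
    printf 'Host demo-vm\n\tHostName %s\n\tUser op\n\tPort 2266\n' "$SAMPLE_IPS" > "$tmp"
    lint_sshconfig "$tmp" || echo "naive config rejected"
    emit_host_block demo-vm "$SAMPLE_IPS" op 2266 > "$tmp"
    lint_sshconfig "$tmp" && echo "hardened config accepted"
    rm -f "$tmp"
}
demo
```

Running the linter on a generated file before handing it to `ssh -F` turns the mid-scan parse failure into an early, explicit rejection.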