pry0cc / axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
MIT License

Trim IPs returned to make sure only 1 is output #614

Open sudo-jtcsec opened 2 years ago

sudo-jtcsec commented 2 years ago

If other public IPs are configured (i.e. a reserved IP), multiple IPs are output, which breaks the SSH config generation and prevents scanning.

I just opened issue #613 for this, but I think the solution is very simple. With DO reserved IPs, the droplet can be accessed via any that is returned and set to public (barring any host-specific configurations). For axiom's purposes, it doesn't matter which IP is used, so just get the first one that is returned and call it a day.

Quickly verified it locally:

# doctl compute droplet list -o json | jq -r ".[]? | select(.name==\"recon-automation-manager-vm\") | .networks.v4[]? | select(.type==\"public\") | .ip_address"
137.184.x.y
167.172.x.y
167.172.x.y
# doctl compute droplet list -o json | jq -r ".[]? | select(.name==\"recon-automation-manager-vm\") | .networks.v4[]? | select(.type==\"public\") | .ip_address" | head -1
137.184.x.y
#

sudo-jtcsec commented 2 years ago

Further testing revealed that more changes were needed: since sshconfig was being regenerated, the multiple IPs kept returning. Inside the generate_sshconfig() function the IPs are manually grabbed again, rather than calling one of the other functions (though I updated them both anyway). I tested locally scanning without the cache option and the sshconfig file is being created properly now.
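The rule the two comments above settle on (any public IPv4 reaches the droplet, so keep the first one and never let a reserved IP produce a second entry) written out as a small, runnable example. This is added illustration, not axiom's generate_sshconfig() and not the poster's patch: the doctl-shaped JSON is constructed, trimmed to the fields the generator needs, and the `op` user and `~/.ssh/axiom_rsa` key path are assumed placeholders. It also covers the edge case the jq pipeline skips over: a droplet with no public address is left out of the config instead of being written with an empty HostName, which would make the whole file unusable. In jq itself the same selection can be done without a separate `head -1` by wrapping the filter in `first(...)`, i.e. `first(.networks.v4[]? | select(.type=="public") | .ip_address)`.

```python
import json
from typing import Iterable, List, Optional

# Constructed sample in the shape of `doctl compute droplet list -o json`,
# reduced to the fields used here. Not real doctl output. The first droplet
# mimics the reported situation: a reserved IP adds extra "public" entries.
SAMPLE_DOCTL_JSON = """
[
  {
    "id": 1001,
    "name": "recon-automation-manager-vm",
    "networks": {
      "v4": [
        {"ip_address": "10.116.0.2",   "type": "private"},
        {"ip_address": "137.184.0.10", "type": "public"},
        {"ip_address": "167.172.0.20", "type": "public"},
        {"ip_address": "167.172.0.20", "type": "public"}
      ]
    }
  },
  {
    "id": 1002,
    "name": "recon-worker-01",
    "networks": {"v4": [{"ip_address": "10.116.0.3",  "type": "private"},
                        {"ip_address": "138.197.0.5", "type": "public"}]}
  },
  {
    "id": 1003,
    "name": "recon-worker-02",
    "networks": {"v4": [{"ip_address": "10.116.0.4", "type": "private"}]}
  }
]
"""


def load_droplets(doctl_json: str) -> List[dict]:
    """Parse the JSON document doctl prints into a list of droplet dicts."""
    return json.loads(doctl_json)


def first_public_v4(droplet: dict) -> Optional[str]:
    """Return exactly one public IPv4 for a droplet, or None if it has none.

    Same selection as the jq pipeline in the issue
    (`.networks.v4[]? | select(.type=="public") | .ip_address | head -1`):
    a reserved IP adds more public entries, any of them reaches the host,
    so the first one is enough and the rest are ignored.
    """
    for net in droplet.get("networks", {}).get("v4", []) or []:
        if net.get("type") == "public" and net.get("ip_address"):
            return net["ip_address"]
    return None


def generate_sshconfig(droplets: Iterable[dict], user: str = "op",
                       key_path: str = "~/.ssh/axiom_rsa") -> str:
    """Build an OpenSSH client config with one Host stanza per droplet.

    `user` and `key_path` are assumed placeholders for this example.
    Droplets without a public address are skipped rather than emitted with
    an empty HostName, so one odd droplet cannot break the whole file.
    """
    stanzas = []
    for d in droplets:
        ip = first_public_v4(d)
        if ip is None:
            continue
        stanzas.append(
            f"Host {d['name']}\n"
            f"    HostName {ip}\n"
            f"    User {user}\n"
            f"    IdentityFile {key_path}\n"
        )
    return "\n".join(stanzas)


def public_ip_counts(droplets: Iterable[dict]) -> dict:
    """Map droplet name -> number of public IPv4 entries doctl reported.

    Useful as a check: any value above 1 is a droplet that would have
    produced the duplicate-IP breakage described in the issue.
    """
    return {
        d["name"]: sum(1 for n in d.get("networks", {}).get("v4", []) or []
                       if n.get("type") == "public")
        for d in droplets
    }


if __name__ == "__main__":
    droplets = load_droplets(SAMPLE_DOCTL_JSON)
    print(public_ip_counts(droplets))
    print(generate_sshconfig(droplets))
```

Running it prints the per-droplet public-IP counts (the manager shows 3, which is the case that broke the original generator) followed by a config containing exactly two Host stanzas, one address each.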