search

pry0cc / axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
MIT License
3.92k stars 615 forks source link

axiom-scan question about the threading and splitting wordlists #708

Closed abdilahrf closed 11 months ago

abdilahrf commented 1 year ago

Using this command : axiom-scan target.txt -m ffuf -wD ~/Tools/wordlist/all.txt -H "X-Forwarded-For:127.0.0.1" -mc all -fc 404 -ac -sf -o ffuf.csv

all.txt => 1M wordlist
target.txt => https://google.com

axiom will only select 1 instance for scanning, but I was expecting axiom to split the wordlist all.txt to multiple instance lets say 5 and it will become all.txt-1 all.txt-2 all.txt-3 all.txt-4 all.txt-5 each wordlist will have 200k lines and scan https://google.com with 5 instances.

am i using axiom-scan wrong or this thing is not currently supported yet?

0xdef1ant commented 11 months ago

also wondering this

Lengso commented 11 months ago

The default should be to divide the delivery fleet according to the input target. It should be possible to customize a module and use the word list as input

0xtavian commented 11 months ago

@abdilahrf @0xdef1ant sorry for the delay. So this syntax wasn’t supported until the last commit. The relevant issue is here https://github.com/pry0cc/axiom/issues/739#issue-1805303064.

The syntax atm is (but this not the preferred way of doing this)

axiom-scan single-target.txt -m ffuf -wD fuzz.txt -f 'test*' --dont-split -o fuff-output.txt

You have to specify the fleet prefix (-f myfleet*) and —dont-split for this to work.

Using this command : axiom-scan target.txt -m ffuf -wD ~/Tools/wordlist/all.txt -H "X-Forwarded-For:127.0.0.1" -mc all -fc 404 -ac -sf -o ffuf.csv

all.txt => 1M wordlist
target.txt => https://google.com

axiom will only select 1 instance for scanning, but I was expecting axiom to split the wordlist all.txt to multiple instance lets say 5 and it will become all.txt-1 all.txt-2 all.txt-3 all.txt-4 all.txt-5 each wordlist will have 200k lines and scan https://google.com with 5 instances.

am i using axiom-scan wrong or this thing is not currently supported yet?

thanks @Lengso! And yes this is the preferred!

@abdilahrf @0xdef1ant please see the horizontal versus vertical scanning wiki page. Ideally, the input file should be a wordlist (not a target list) to split and upload. You can then specify the single target in the command-line, or you can hardcode it in the module directly. https://github.com/pry0cc/axiom/wiki/Horizontal-vs-Vertical-Scaling

The default should be to divide the delivery fleet according to the input target. It should be possible to customize a module and use the word list as input

going to close this but lmk if you have any more issues.