Hello Infosec Community!
I have been in the Bug Bounty world for a while and I would like to share my approach with everyone, especially newcomers to cybersecurity. I have been successful in the past few months, since I have found my own way to rake in some cash from the bugs I have found. Here are my results from the past couple of weeks I was active:
This series will be about a tool that helps a lot in speeding up testing tasks using open-source security testing tools. I am pretty sure it will be helpful not only for Bug Bounty Hunters but also for Pentesters. So stay tuned, since I will be sharing quite useful tips and strategies in the upcoming posts!
Most of my bug hunting methodology is manual testing, even though Axiom is usually used for automation. It really depends on the target you choose — the program scope, requirements and your own knowledge. With that in mind, I see the value of Axiom for testing medium to high scope targets, since the tool has saved me hundreds, perhaps even thousands, of hours of testing. Why I don’t go fully automated, and my thoughts about that, may be a topic for another day.
IMPORTANT: Do not use this article to start doing something unethical. Make sure to follow the guidelines of the cloud providers, since Axiom uses their resources. Also follow the guidelines of the program you are participating in, since those usually have policies that should be considered before you even start testing.
Some of you will probably know what Axiom is already, or have just heard about it but not yet tried it. If you are one of those people, feel free to skip this paragraph and jump straight to the next part of this post.
pry0cc/axiom lets you spin up multiple server instances, even hundreds or thousands if your cloud provider allows it. You can easily control those instances from your terminal, running your favorite infosec tools for the recon process, vulnerability scanning and more. So basically, you will have multiple servers doing tasks for you without much struggle. It’s like having your own botnet in the cloud, but of course, as a whitehat!
You can even customize it to run your own scripts in the cloud, supply the wordlists those scripts use, upload and download files to and from those instances, and much more.
I will be covering the setup I like to use for this tool in my daily bounty journey. Each of the following articles will be about a different use case for Axiom.
Before you start unlocking the power of this great tool, there are a couple of things you should keep in mind:
Prerequisites
My preferred choice is an OS that already ships with bash, since that makes it easier to run most open-source security tools. If you are using Windows or are not planning to run it locally, I also recommend having a VPS that can act as your command and control server for spawning Axiom instances. Just make sure it is not on the same provider, or keep backups, since an instance could get deleted by mistake.
I also recommend setting up the cloud provider API key in advance, before installation. Every cloud provider is different, but for example you can access the DigitalOcean API keys here once you have logged in to your account.
Installation options
1. Use the one-line installer script:
bash <(curl -s https://raw.githubusercontent.com/pry0cc/axiom/master/interact/axiom-configure)
2. You could use Docker:
docker exec -it $(docker run -d -it --platform linux/amd64 ubuntu:20.04) sh -c "apt update && apt install git -y && git clone https://github.com/pry0cc/axiom ~/.axiom/ && cd && .axiom/interact/axiom-configure"
3. My own preferred way is doing it manually, since it allows a lot of customization.
Clone the git repository:
git clone https://github.com/pry0cc/axiom ~/.axiom/
Optional: You can customize which security tools your instance will have, as they will be cloned during the instance spawn process. Use default.json as the example and create your own .json file here:
cd ~/.axiom/images/provisioners
ls
...
barebones.json classic.json default.json light.json nuclei.json reconftw.json recon.json xss.json
Just be aware that if you have edited, added or deleted files in the ~/.axiom directory, it will not be possible to update it from the GitHub repository.
Next, to initiate the install process, execute this command:
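As an added example (my own helper, not code from the axiom project or this post), a small shell script that creates a custom provisioner from default.json, checks that a provisioner file still parses as JSON, and lists the local edits that would keep a plain git pull from applying cleanly. AXIOM_DIR and the function names are assumptions of mine; it needs git and python3 on the machine.

```shell
#!/usr/bin/env bash
# Added helper (not part of axiom): manage a custom provisioner in an axiom checkout.
# Assumes AXIOM_DIR is an axiom git clone; defaults to ~/.axiom (assumed path).
AXIOM_DIR="${AXIOM_DIR:-$HOME/.axiom}"

# Return 0 if FILE parses as JSON, 1 otherwise. A malformed provisioner would
# otherwise only fail much later, during the image build.
validate_provisioner() {
  python3 -c 'import json, sys; json.load(open(sys.argv[1]))' "$1" 2>/dev/null
}

# Copy default.json to NAME.json inside DIR/images/provisioners and print the new path.
# Fails if default.json is missing or does not parse.
new_provisioner() {
  local dir="$1" name="$2"
  local src="$dir/images/provisioners/default.json"
  local dst="$dir/images/provisioners/$name.json"
  [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
  validate_provisioner "$src" || { echo "$src is not valid JSON" >&2; return 1; }
  cp "$src" "$dst" && echo "$dst"
}

# List modified or untracked files in the checkout DIR.
# Returns 0 when the tree is clean (a plain `git pull` will apply),
# 1 when there are local changes (printed, one per line), 2 if DIR is not a git repo.
local_changes() {
  local out
  out="$(git -C "$1" status --porcelain --untracked-files=all 2>/dev/null)" || return 2
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Typical use: new_provisioner "$AXIOM_DIR" recon, edit the copy, then
# validate_provisioner "$AXIOM_DIR/images/provisioners/recon.json" and
# local_changes "$AXIOM_DIR" before pulling updates.
```

Any path that local_changes prints is one you should back up outside ~/.axiom before updating, because it is exactly the kind of edit the paragraph above says blocks the update.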
$HOME/.axiom/interact/axiom-configure
Once you press ENTER, it will update and upgrade your OS, then download and upgrade the tools required for Axiom to run successfully.
Next, select your preferred shell; mine is BASH:
It will update the dependencies from the GitHub repository. You will be prompted again about whether you want to set up the amass config. Just press n and ENTER. Now select your cloud provider here. As I mentioned, I use DO (DigitalOcean):
Provide your DO token:
Next, ignore the ping errors and just select the region and droplet size. I used the values the wizard suggested, but if you want to customize them you should check the cloud provider's docs:
Name your profile. All the configuration you have done so far will be saved into the profile file. You can switch profiles later if you decide to use another cloud provider. I named mine do_account:
Now you will be asked which provisioner you will be using. As I mentioned in the Installation options part, you could have customized your own provisioner .json file, so you could use that one. For example, I created recon.json just to have a simple image with only initial recon tools:
But for the sake of simplicity, I will use the default provisioner, which has most of the security tools already prepared:
Now the long part: it will take 25–50 minutes depending on your internet speed etc. So be patient:
Congrats, you have successfully installed Axiom! Get ready, the next part will be more interesting, as I will cover the common features and my own tricks for how I gather initial data about the target.
Subscribe to my page so you don't miss any upcoming stories. Also follow me on Twitter, since I plan to share some short insights, cool tricks and bypasses there as well.