-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Axiom integration - Lets go FAST! #385
Comments
What do you think @yogeshojha? |
Agree.. https://github.com/pry0cc/axiom rengine+axiom will be awesome |
Agree, this will be faster and solve IP blocking problem @yogeshojha |
Sounds awesome, give me sometime to think about it as I have never used axiom in the past. Need to see how we can use axiom in reNgine. If you have any ideas, please feel free to give. |
All the tools ReNgine uses, could be ran distributed across your botnet(linode/digital ocean).You can run ffuf across a fleet of hosts, it would split your dictionary up by the number of hosts you have in your botnet, each one gets a piece of the dictionary. Or you run Nuclei across 500 subdomains, axiom splits those subdomains up by the number of hosts in your botnet, each host gets their piece to run Nuclei against. Also, It would also be awesome to have Target Groups, so that all the domains in scope, can be grouped together. |
Is this idea still alive? |
I hope so haha!
…On Fri, Sep 24, 2021 at 10:41 AM Wellington Moraes ***@***.***> wrote:
Is this idea still alive?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#385 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALIXUOYWJ4VPQLURFWVNEADUDSEX3ANCNFSM43JK4QVA>
.
|
This would allow rengine to insanely scale up the scans! Also, as axiom machines would be doing all the hard work, rengine would possibly run smoothly while performing like 20 concurrent scans and would only need to store the results back in the local database. |
Hi, I would love to bring this to reNgine 1.1, can someone of you please schedule a call with me to show how AXIOM works and maybe we can discuss how to bring this to reNgine. My email is [email protected], please book my calendar meet and let's do this! |
Hey @yogeshojha , Here's a video of the developer showing it off at NahamCon 2021. I think he does a good job explaining how it works. NahamCon 2021 - Introduction to Axiom - The Dynamic Infrastructure Framework for Everybody! Another option, although I haven't used it yet, is https://github.com/FleexSecurity/fleex One thing that anyone who wants to use this will have to do, is create a ticket with the cloud provider requesting the ability to create bigger image sizes. Axiom will ask if you want it to create the ticket for you. I think I had to wait a day for that to happen, but you won't be able to use Axiom until that happens, unless you remove stuff from the image so it meets their default image size limit of like 6Gb. They also have limits to the number of droplets/linodes you can deploy, so we should have the ability to configure how many we want Rengine to attempt to deploy, because you can request an increase, which I was able to get to like 50 with Linode. All accounts start off with the ability to only create 20 concurrent active linodes, and 10 for Digital Ocean. I'm on discord if you want to chat👋 |
Perfect, I'll add you on Discord, in the meantime I will watch the talk and will get back to you if I have any questions. |
@yogeshojha were you able to take a look at the videos? Let me know if you want to schedule a meeting so I can do a small demonstration |
Is this idea still alive? |
Hi @yogeshojha |
Is this idea still alive? @yogeshojha |
Shadowclone could be alternative if axiom too hard to integrate https://github.com/fyoorer/ShadowClone this was faster than axiom and its more flexible too. |
Is this idea still alive? |
@yogeshojha |
We will try to implement ShadowClone when we have time |
Is your feature request related to a problem? Please describe.
Scanning from one machine is so boring and slow. Lets get distributed and go fast.
Describe the solution you'd like
If user enabled use of Axiom in the scan engine, all scans using that engine are distributed among the axiom hosts.
Also, I wouldn't want a large fleet of hosts created by axiom running with nothing to do for a long time so checking for whether or not there is anything in the queue, or if something is taking way too long to kill it.
https://github.com/pry0cc/axiom
Describe alternatives you've considered
Using axiom manually
Additional context
This will increase the speed in which people are able to scan, also reduce the effect of being rate-limited/blocked. You could also advertise your referral links for the cloud hosting providers supported by Axiom! 👍
It's pretty easy to manually add modules to Axiom too!
The text was updated successfully, but these errors were encountered: