Skip to content

toolings for pentester to makes their life easier

License

Notifications You must be signed in to change notification settings

k1m0ch1/axolotl

Repository files navigation

                   ___      ___   ___   ______    __        ______   .___________. __
                  /   \     \  \ /  /  /  __  \  |  |      /  __  \  |           ||  |
                 /  ^  \     \  V  /  |  |  |  | |  |     |  |  |  | `---|  |----`|  |
                /  /_\  \     >   <   |  |  |  | |  |     |  |  |  |     |  |     |  |
               /  _____  \   /  .  \  |  `--'  | |  `----.|  `--'  |     |  |     |  `----.
              /__/     \__\ /__/ \__\  \______/  |_______| \______/      |__|     |_______|

Axolotl - ez vuln record

axolotl is a pentest collaboration tools, comes with a simple feature, and it want to keep it simple, you only need to install axolotl and git on your machine. It has a main purpose to store and collaborate all finding with your team or yourself, and axolotl process the data to simplify lookup data, make a simple statistic and generate a simple report.

When it comes with pentestration collaboration tools, It becomes hard when you manage the document based, sometime rely on file you store on harddrive or cloud storage is hard to manage, and you need times to makes a report or statistic.

Another option, you can manage every finding with "any" pentest documentation tools, sometime with great feature generate documentation and statistic, but it comes with problem you need to pay, sometime you need to install on your server/local and have many requirement to install.

axolotl comes with a simple feature, and it want to keep it simple, you only need to install axolotl and git on your machine. It has a main purpose to store and collaborate all finding with your team or yourself, and axolotl process the data to simplify lookup data, make a simple statistic and generate a simple report.

Axolotl inspired from nuclei project, where I'm using nuclei as the collaboration tools for poc.

tl;dr axolotl

!!Attention!! All data at the screenshot is all dummy, not real data
  1. Download the binary from Release
  2. Install on your machine
  3. Run axolotl init to create new directory structure
  4. Generate host identity and input as you needs (if you didn't need the key, just delete the key)
axolotl add -d domain.com

5. Generate Vulnerability Finding and input as you needs (if you didn't need the key, just delete the key)
axolotl add -d domain.com -v vuln-name-without-space

6. List all current Host
axolotl lookup host

7. List all current Vuln
axolotl lookup vuln

8. Information Host with Vuln
axolotl info -d domain.com

9. simple statistic about your finding
axolotl stat

  1. repeat from 4 to add more host and vuln finding

Check How to use page for detail how to use

Docker Usage

Building

docker build . -t axolotl

Run it with volume

docker run -v ./testworkdir:/workdir -it axolotl --help

Operation in docker

Here is sample commands with docker

PS C:\> docker run -v ./testworkdir:/workdir -it axolotl add -d example.com

──────────────────────────────────────
Axolotl v0.2.0-alpha - Ez Vuln Record
https://github.com/k1m0ch1/axolotl
──────────────────────────────────────

[+] Host example.com is Created at ./hosts

PS C:\> docker run -v ./testworkdir:/workdir -it axolotl add -d example.com -p 443 -v IDOR

──────────────────────────────────────
Axolotl v0.2.0-alpha - Ez Vuln Record
https://github.com/k1m0ch1/axolotl
──────────────────────────────────────

[+] File IDOR.yml is generated at ./vulns, Happy Hacking!

PS C:\> docker run -v ./testworkdir:/workdir -it axolotl info -d example.com

──────────────────────────────────────
Axolotl v0.2.0-alpha - Ez Vuln Record
https://github.com/k1m0ch1/axolotl
──────────────────────────────────────
Info Result of the Domain `example.com`

Domain `example.com`  ()


Technology :

Current Vulnerability :
1. IDOR
    ()

Release and Contributing

We appreciate all contributions. If you are planning to contribute any bug-fixes, please do so without further discussions.

If you plan to contribute new features, new tuners, new training services, etc. please first open an issue or reuse an exisiting issue, and discuss the feature with us. We will discuss with you on the issue timely or set up conference calls if needed.

To learn more about making a contribution to axolotl, please refer to our How-to contribution page.

Please let us know if you encounter a bug by filling an issue.

We appreciate all contributions and thank all the contributors!

About

toolings for pentester to makes their life easier

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages