change: Propoer Documentation to read

k1m0ch1 · Mar 20, 2022 · d5d1634 · d5d1634
1 parent ef2de5e
commit d5d1634
Show file tree

Hide file tree

Showing 6 changed files with 236 additions and 141 deletions.
diff --git a/.github/doc/Host-Identity-Format.md b/.github/doc/Host-Identity-Format.md
@@ -0,0 +1,72 @@
+Host Identity Format
+```
+target:
+  url: domain or apps 
+  tech-stack: js, lalala
+  open-port: 80/http, 81/ssh
+  filtered-port: 
+  host-ip: 
+  recon:
+    - tools: nmap
+      report: file.html
+    - tools: theHarvester
+      report: file.txt
+  vuln-scan:
+    - tools: burp
+      report: lala.html
+
+recon-found:
+  source-code-leak:
+    - info: name of found
+      desc: lalala
+      report: file.html
+      image: file.png
+  GHDB:
+    - info: n/a
+      desc: lalala
+      report: file.html
+      image: file.png
+  virus-total:
+    - info:
+      detection-result: file
+      details-result: file
+      desc: 
+  the-harvester:
+    - info:
+      desc:
+      result: file
+  web-archive:
+    - info:
+      desc:
+      image: 
+  defacement:
+  osint-discovery:
+  directory-index:
+  reverse-ip-check:
+  project-management-tools:
+    - info:
+      desc:
+
+behaviour:
+  unique-behaviour:
+    - info:
+      desc:
+    - info:
+      desc:
+  third-party-hosted-content:
+    - info:
+      desc:
+
+http-responses:
+  - result:
+    desc:
+
+ssl-implemented:
+  - result:
+    http-redirect: (True/ False)
+    desc:
+
+shodan-result:
+  - info:
+    result-ip:https://www.shodan.io/search?query=net:1.2.3.4,5.6.7.8,9.10.11.12
+```
diff --git a/.github/doc/Vulnerability-Report-Format.md b/.github/doc/Vulnerability-Report-Format.md
@@ -0,0 +1,58 @@
+Vulnerability Report Format
+using YAML nuclei format
+```
+id: url-slug-name-vuln-with-version
+
+info:
+  finding-name: Name of the Vulnerability
+  url: 
+  author: person1, person2
+  email: [email protected], [email protected]
+  severity: high
+  cvss-score-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+  owasp-score-vector: (SL:0/M:0/O:0/S:0/ED:0/EE:0/A:0/ID:0/LC:0/LI:0/LAV:0/LAC:0/FD:0/RD:0/NC:0/PV:0)
+  tags: tag,vulnerability,list
+  report: default-with-file-name.md 
+
+poc:
+  - path: https://target.com/??adad=asdasd
+    step-to-reproduce:
+      - desc: first step
+        image: file.png
+      - desc: second step
+        image: file.png
+    image: file.png
+    nuclei: file.template
+    exploit: exploit.sh
+  - path: https://target.com/??adad=asdasd
+    step-to-reproduce:
+      - desc: first step
+        image: file.png
+      - desc: second step
+        image: file.png
+    image: file.png
+    nuclei: file.template
+    exploit: exploit.sh
+
+recommendation-to-fix:
+  - info:
+    desc:
+    link:
+    step-to-fix:
+      - desc: 
+        image:
+    image:
+
+status: 
+  requested_at:
+  open_at:
+  reviewed_at:
+  approved_at:
+  fixed_at:
+  validated_at:
+  duplidated_at:
+  hold_at:
+  rejected_at:
+  closed_at:
+  complete_at:
+```
diff --git a/.github/flow-axolotl.png b/.github/flow-axolotl.png
diff --git a/.github/host-identity-1.png b/.github/host-identity-1.png
diff --git a/.github/preview-1.png b/.github/preview-1.png
diff --git a/README.md b/README.md
@@ -9,154 +9,119 @@
 
 A simple bug reporting tools for hackers to input the finding and Host Identity, by record all the finding or host with git and without needs to install the tools.
 
-File Structure  
+![The Finding simple statistic](.github/preview-1.png)
+
+This tools inspired from nuclei, where I usually working on my personal bug bounty and have a problem to record all the bug finding, while all the pentester tools have a many ability, this tools is focus on simplicity to record all security researcher activity.
+
+## How to Use
+
+Before everything else, you need to generate the directory structure of the axolotl, you can run this command
+
 ```
-root of this repo
-├── hosts
-| ├── all.txt
-| ├── Platform&Data
-| | ├── platformdata.txt
-| | ├── Infrastructure
-| | |  ├── infrastructure.txt
-| | |  └── apps
-| | |   ├── vulnerabilty-name.vuln
-| | |   └── poc
-├── report-gen
-| └── src
-├── host-gen
-| └── src
-├── axolotl
-| └── src
-└── Makefile
+./axolotl init
 ```
 
-Host Identity Format
+and by default you will got this structure directory
+
+```
+dir
+├── hosts       (Host Identity)
+├── outputs     (Output of the template report)
+├── poc         (List of the Proof of Concept)
+├── reports     (Output Reports from tools)
+├── templates   (List of Template for Report Generator)
+├── vuln        (List of current existing finding)
+└── config.yml  (General config of the axolotl)
 ```
-target:
-  url: domain or apps 
-  tech-stack: js, lalala
-  open-port: 80/http, 81/ssh
-  filtered-port: 
-  host-ip: 
-  recon:
-    - tools: nmap
-      report: file.html
-    - tools: theHarvester
-      report: file.txt
-  vuln-scan:
-    - tools: burp
-      report: lala.html
-
-recon-found:
-  source-code-leak:
-    - info: name of found
-      desc: lalala
-      report: file.html
-      image: file.png
-  GHDB:
-    - info: n/a
-      desc: lalala
-      report: file.html
-      image: file.png
-  virus-total:
-    - info:
-      detection-result: file
-      details-result: file
-      desc: 
-  the-harvester:
-    - info:
-      desc:
-      result: file
-  web-archive:
-    - info:
-      desc:
-      image: 
-  defacement:
-  osint-discovery:
-  directory-index:
-  reverse-ip-check:
-  project-management-tools:
-    - info:
-      desc:
-
-behaviour:
-  unique-behaviour:
-    - info:
-      desc:
-    - info:
-      desc:
-  third-party-hosted-content:
-    - info:
-      desc:
-
-http-responses:
-  - result:
-    desc:
-
-ssl-implemented:
-  - result:
-    http-redirect: (True/ False)
-    desc:
-
-shodan-result:
-  - info:
-    result-ip:https://www.shodan.io/search?query=net:1.2.3.4,5.6.7.8,9.10.11.12
+
+ok after you init the project, next you need to understand the use of this tools, this is the flow where axolotl used:
+
+![The Simple flow of Axolotl](.github/flow-axolotl.png)
+
+
+1. whenever you want to assessment you need to understand about the Target, usually called reconaissance Process, so you need to input all the target Identity Information, this is called `HostIdentity` 
+
+to input new host identity you need to run this command
+
 ```
-Vulnerability Report Format
-using YAML nuclei format
+./axolotl add -d <target.com>
 ```
-id: url-slug-name-vuln-with-version
 
+and the file will be generated and you can input the information as you need, or remove the unecessary field and will look like this
+
+```yml
+id: testing.go.id
 info:
-  finding-name: Name of the Vulnerability
-  url: 
-  author: person1, person2
-  email: [email protected], [email protected]
-  severity: high
-  cvss-score-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-  owasp-score-vector: (SL:0/M:0/O:0/S:0/ED:0/EE:0/A:0/ID:0/LC:0/LI:0/LAV:0/LAC:0/FD:0/RD:0/NC:0/PV:0)
-  tags: tag,vulnerability,list
-  report: default-with-file-name.md 
+  url: testing.go.id
+  tech-stacks: apache:2.4.6, centos, php:5.6.38, openssl
+  tag: gov, .go.id
+  open-ports: 80, 443, 2000, 3306, 8008
+  host-ip: 103.23.45.67
+  country: indonesia
+
+recons:
+- tools: shodan domain
+  type: subdomain scanner
+  desc: https://beta.shodan.io/domain/testing.go.id
+```
+
+or you could see [Host-Identity-Format](.github/doc/Host-Identity-Format.md) for full format
+
+2. and after you found some vuln you need to input new vuln from specific host, run this command to add a new vuln:
+
+```
+./axolotl add -d <target.com> -v <vuln-name-without-space>
+```
+
+the file will generated and you can input the information as you need, or remove the unecessary field and will look like this
 
+```yaml
+id: bruteforce-wa
+info:
+  finding-name: Bruteforce WA gojek cause crash
+  url: gojek.com
+  domain: gojek.com
+  author: k1m0ch1
+  team: ""
+  email: ""
+  tags: ""
+  vuln-type: idor, misconfiguration
+  report-template: ""
+  external-terport: ""
+  risk-ratings:
+    severity: high
+    cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    owasp-vector: (SL:0/M:0/O:0/S:0/ED:0/EE:0/A:0/ID:0/LC:0/LI:0/LAV:0/LAC:0/FD:0/RD:0/NC:0/PV:0)
 poc:
-  - path: https://target.com/??adad=asdasd
-    step-to-reproduce:
-      - desc: first step
-        image: file.png
-      - desc: second step
-        image: file.png
-    image: file.png
-    nuclei: file.template
-    exploit: exploit.sh
-  - path: https://target.com/??adad=asdasd
-    step-to-reproduce:
-      - desc: first step
-        image: file.png
-      - desc: second step
-        image: file.png
-    image: file.png
-    nuclei: file.template
-    exploit: exploit.sh
-
-recommendation-to-fix:
-  - info:
-    desc:
-    link:
-    step-to-fix:
-      - desc: 
-        image:
-    image:
-
-status: 
-  requested_at:
-  open_at:
-  reviewed_at:
-  approved_at:
-  fixed_at:
-  validated_at:
-  duplidated_at:
-  hold_at:
-  rejected_at:
-  closed_at:
-  complete_at:
-```
+- path: /login
+  steps-to-reproduce:
+  - desc: just use the script exploit
+    images: []
+  images: []
+  nuclei-template: poc/script.yml
+  exploit: poc/script.py
+  desc: if you bruteforce the gojek WA, the app will crash
+how-to-fix: []
+bounty:
+  bug-link: https://gojek-bug-bounty.com
+  writeup: ""
+  approved-score: ""
+  reward: 500USD
+  desc: ""
+status:
+  created:
+    by: k1m0ch1
+    time: 2022-03-18T21:25:32+07:00
+    desc: found finding
+  reviewed:
+    by: k1m0ch1
+    time: 2022-03-18T21:30:33+07:00
+    desc: found finding
+```
+
+and after that you can see the simple statistic by running this command
+
+```
+./axolotl stat
+```
+