diff --git a/.github/doc/Host-Identity-Format.md b/.github/doc/Host-Identity-Format.md new file mode 100644 index 0000000..0939f18 --- /dev/null +++ b/.github/doc/Host-Identity-Format.md @@ -0,0 +1,72 @@ +Host Identity Format +``` +target: + url: domain or apps + tech-stack: js, lalala + open-port: 80/http, 81/ssh + filtered-port: + host-ip: + recon: + - tools: nmap + report: file.html + - tools: theHarvester + report: file.txt + vuln-scan: + - tools: burp + report: lala.html + +recon-found: + source-code-leak: + - info: name of found + desc: lalala + report: file.html + image: file.png + GHDB: + - info: n/a + desc: lalala + report: file.html + image: file.png + virus-total: + - info: + detection-result: file + details-result: file + desc: + the-harvester: + - info: + desc: + result: file + web-archive: + - info: + desc: + image: + defacement: + osint-discovery: + directory-index: + reverse-ip-check: + project-management-tools: + - info: + desc: + +behaviour: + unique-behaviour: + - info: + desc: + - info: + desc: + third-party-hosted-content: + - info: + desc: + +http-responses: + - result: + desc: + +ssl-implemented: + - result: + http-redirect: (True/ False) + desc: + +shodan-result: + - info: + result-ip:https://www.shodan.io/search?query=net:1.2.3.4,5.6.7.8,9.10.11.12 +``` \ No newline at end of file diff --git a/.github/doc/Vulnerability-Report-Format.md b/.github/doc/Vulnerability-Report-Format.md new file mode 100644 index 0000000..024661b --- /dev/null +++ b/.github/doc/Vulnerability-Report-Format.md 
@@ -0,0 +1,58 @@ +Vulnerability Report Format +using YAML nuclei format +``` +id: url-slug-name-vuln-with-version + +info: + finding-name: Name of the Vulnerability + url: + author: person1, person2 + email: person1@efishery.com, person2@efishery.com + severity: high + cvss-score-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + owasp-score-vector: (SL:0/M:0/O:0/S:0/ED:0/EE:0/A:0/ID:0/LC:0/LI:0/LAV:0/LAC:0/FD:0/RD:0/NC:0/PV:0) + tags: tag,vulnerability,list + report: default-with-file-name.md + +poc: + - path: https://target.com/??adad=asdasd + step-to-reproduce: + - desc: first step + image: file.png + - desc: second step + image: file.png + image: file.png + nuclei: file.template + exploit: exploit.sh + - path: https://target.com/??adad=asdasd + step-to-reproduce: + - desc: first step + image: file.png + - desc: second step + image: file.png + image: file.png + nuclei: file.template + exploit: exploit.sh + +recommendation-to-fix: + - info: + desc: + link: + step-to-fix: + - desc: + image: + image: + +status: + requested_at: + open_at: + reviewed_at: + approved_at: + fixed_at: + validated_at: + duplidated_at: + hold_at: + rejected_at: + closed_at: + complete_at: +``` \ No newline at end of file diff --git a/.github/flow-axolotl.png b/.github/flow-axolotl.png new file mode 100644 index 0000000..0b8d666 Binary files /dev/null and b/.github/flow-axolotl.png differ diff --git a/.github/host-identity-1.png b/.github/host-identity-1.png new file mode 100644 index 0000000..de424ee Binary files /dev/null and b/.github/host-identity-1.png differ diff --git a/.github/preview-1.png b/.github/preview-1.png new file mode 100644 index 0000000..2bb5ebb Binary files /dev/null and b/.github/preview-1.png differ diff --git a/README.md b/README.md index 4ed1e99..c80c0e8 100644 --- a/README.md +++ b/README.md 
@@ -9,154 +9,119 @@ A simple bug reporting tools for hackers to input the finding and Host Identity, by record all the finding or host with git and without needs to install the tools. -File Structure +![The Finding simple statistic](.github/preview-1.png) + +This tools inspired from nuclei, where I usually working on my personal bug bounty and have a problem to record all the bug finding, while all the pentester tools have a many ability, this tools is focus on simplicity to record all security researcher activity. + +## How to Use + +Before everything else, you need to generate the directory structure of the axolotl, you can run this command + ``` -root of this repo -├── hosts -| ├── all.txt -| ├── Platform&Data -| | ├── platformdata.txt -| | ├── Infrastructure -| | | ├── infrastructure.txt -| | | └── apps -| | | ├── vulnerabilty-name.vuln -| | | └── poc -├── report-gen -| └── src -├── host-gen -| └── src -├── axolotl -| └── src -└── Makefile +./axolotl init ``` -Host Identity Format +and by default you will got this structure directory + +``` +dir +├── hosts (Host Identity) +├── outputs (Output of the template report) +├── poc (List of the Proof of Concept) +├── reports (Output Reports from tools) +├── templates (List of Template for Report Generator) +├── vuln (List of current existing finding) +└── config.yml (General config of the axolotl) ``` -target: - url: domain or apps - tech-stack: js, lalala - open-port: 80/http, 81/ssh - filtered-port: - host-ip: - recon: - - tools: nmap - report: file.html - - tools: theHarvester - report: file.txt - vuln-scan: - - tools: burp - report: lala.html - -recon-found: - source-code-leak: - - info: name of found - desc: lalala - report: file.html - image: file.png - GHDB: - - info: n/a - desc: lalala - report: file.html - image: file.png - virus-total: - - info: - detection-result: file - details-result: file - desc: - the-harvester: - - info: - desc: - result: file - web-archive: - - info: - desc: - image: - defacement: - 
osint-discovery: - directory-index: - reverse-ip-check: - project-management-tools: - - info: - desc: - -behaviour: - unique-behaviour: - - info: - desc: - - info: - desc: - third-party-hosted-content: - - info: - desc: - -http-responses: - - result: - desc: - -ssl-implemented: - - result: - http-redirect: (True/ False) - desc: - -shodan-result: - - info: - result-ip:https://www.shodan.io/search?query=net:1.2.3.4,5.6.7.8,9.10.11.12 + +ok after you init the project, next you need to understand the use of this tools, this is the flow where axolotl used: + +![The Simple flow of Axolotl](.github/flow-axolotl.png) + + +1. whenever you want to assessment you need to understand about the Target, usually called reconaissance Process, so you need to input all the target Identity Information, this is called `HostIdentity` + +to input new host identity you need to run this command + ``` -Vulnerability Report Format -using YAML nuclei format +./axolotl add -d ``` -id: url-slug-name-vuln-with-version +and the file will be generated and you can input the information as you need, or remove the unecessary field and will look like this + +```yml +id: testing.go.id info: - finding-name: Name of the Vulnerability - url: - author: person1, person2 - email: person1@efishery.com, person2@efishery.com - severity: high - cvss-score-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - owasp-score-vector: (SL:0/M:0/O:0/S:0/ED:0/EE:0/A:0/ID:0/LC:0/LI:0/LAV:0/LAC:0/FD:0/RD:0/NC:0/PV:0) - tags: tag,vulnerability,list - report: default-with-file-name.md + url: testing.go.id + tech-stacks: apache:2.4.6, centos, php:5.6.38, openssl + tag: gov, .go.id + open-ports: 80, 443, 2000, 3306, 8008 + host-ip: 103.23.45.67 + country: indonesia + +recons: +- tools: shodan domain + type: subdomain scanner + desc: https://beta.shodan.io/domain/testing.go.id +``` + +or you could see [Host-Identity-Format](.github/doc/Host-Identity-Format.md) for full format + +2. 
and after you found some vuln you need to input new vuln from specific host, run this command to add a new vuln: + +``` +./axolotl add -d -v +``` + +the file will generated and you can input the information as you need, or remove the unecessary field and will look like this +```yaml +id: bruteforce-wa +info: + finding-name: Bruteforce WA gojek cause crash + url: gojek.com + domain: gojek.com + author: k1m0ch1 + team: "" + email: "" + tags: "" + vuln-type: idor, misconfiguration + report-template: "" + external-terport: "" + risk-ratings: + severity: high + cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + owasp-vector: (SL:0/M:0/O:0/S:0/ED:0/EE:0/A:0/ID:0/LC:0/LI:0/LAV:0/LAC:0/FD:0/RD:0/NC:0/PV:0) poc: - - path: https://target.com/??adad=asdasd - step-to-reproduce: - - desc: first step - image: file.png - - desc: second step - image: file.png - image: file.png - nuclei: file.template - exploit: exploit.sh - - path: https://target.com/??adad=asdasd - step-to-reproduce: - - desc: first step - image: file.png - - desc: second step - image: file.png - image: file.png - nuclei: file.template - exploit: exploit.sh - -recommendation-to-fix: - - info: - desc: - link: - step-to-fix: - - desc: - image: - image: - -status: - requested_at: - open_at: - reviewed_at: - approved_at: - fixed_at: - validated_at: - duplidated_at: - hold_at: - rejected_at: - closed_at: - complete_at: -``` \ No newline at end of file +- path: /login + steps-to-reproduce: + - desc: just use the script exploit + images: [] + images: [] + nuclei-template: poc/script.yml + exploit: poc/script.py + desc: if you bruteforce the gojek WA, the app will crash +how-to-fix: [] +bounty: + bug-link: https://gojek-bug-bounty.com + writeup: "" + approved-score: "" + reward: 500USD + desc: "" +status: + created: + by: k1m0ch1 + time: 2022-03-18T21:25:32+07:00 + desc: found finding + reviewed: + by: k1m0ch1 + time: 2022-03-18T21:30:33+07:00 + desc: found finding +``` + +and after that you can see the simple 
statistic by running this command + +``` +./axolotl stat +``` +
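Review bot: In the Host-Identity-Format.md hunk, `result-ip:https://www.shodan.io/search?query=net:...` under `shodan-result` has no space after the colon, so a YAML parser reads the whole line as one scalar rather than a `result-ip` key with a URL value; write it as `result-ip: https://...`. The key names in this document also do not match what the README hunk in the same commit shows `./axolotl add -d` generating (`tech-stack`/`open-port`/`recon` here versus `tech-stacks`/`open-ports`/`recons`/`tag`/`country` there), so one of the two will mislead users; please align them. Two smaller points: the fence should be tagged ```yaml so the snippet renders and lints as YAML, and placeholder values such as `lalala` and `lala.html` should be replaced with descriptive placeholders (e.g. `<tool report file>`). Since this file records `host-ip`, `open-port` and Shodan queries for real targets, the doc should state that host identity files are sensitive recon data and must only be pushed to a private remote.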
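Review bot: In the Vulnerability-Report-Format.md hunk, `duplidated_at` under `status` is a typo for `duplicated_at`, and a misspelled key will silently never match anything that reads it. The sample is also internally inconsistent: `cvss-score-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N` has no confidentiality, integrity or availability impact and therefore scores 0.0, which contradicts `severity: high`; use a vector whose score actually maps to the stated severity so readers do not copy a contradictory template. The schema here (`severity`, `cvss-score-vector`, `tags`, `report`, flat `*_at` timestamps) differs from the generated vuln file shown in the README hunk (`risk-ratings`, `vuln-type`, `report-template`, `how-to-fix`, `bounty`, nested `status.created`/`status.reviewed`), so this document should be regenerated from the tool's real template. Replace `person1@efishery.com` with `example.com` addresses, tag the fence as ```yaml, and document that the `exploit:` and `nuclei:` entries reference files under `poc/` that are sensitive and should not be shared outside the engagement.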
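Review bot: In the README.md hunk, the generated vuln example contains the key `external-terport: ""`, which looks like a typo for `external-report` and, if it comes from the tool's template, should be fixed in the template rather than only in the README. The sample identities use a real-looking government domain and address (`testing.go.id`, `103.23.45.67`) and a real company's brand in a finding title (`Bruteforce WA gojek cause crash`, `gojek.com`); documentation samples should use reserved names and ranges (`example.com`, `192.0.2.0/24`) so nobody mistakes them for actual findings. `./axolotl add -d` and `./axolotl add -d -v` are shown without saying what value `-d` and `-v` take; state the expected arguments (and what `-v` adds) next to each command. Minor: the numbered steps lose their indentation after step 1, the fences mix ```yml and ```yaml, and "This tools inspired from nuclei", "reconaissance" and "unecessary" should be "This tool is inspired by nuclei", "reconnaissance" and "unnecessary". The same zero-impact CVSS vector paired with `severity: high` appears here as in the format doc and should be corrected together with it.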