Hello Infosec Community!

I have been in the Bug Bounty world for a while and I would like to share my approach for everyone, especially newcomers to cybersecurity. I have been successful in the past few months since I have found my own way to rake some cash from the bugs I have found. Here are my results of the past couple of weeks I was active:

These series will be about the tool which helps a lot for speeding up the testing tasks using open source security testing tools. I am pretty sure that it will be helpful not only for Bug Bounty Hunters but also for the Pentesters. So stay tuned since I will be sharing quite useful tips and strategies for the upcoming posts!

Disclaimer

Most of my bug hunting methodology is manual testing even though Axiom is usually used for automation. It really depends on the target you choose — the program scope, requirements and your own knowledge. Having that in mind, I see the value of the axiom for testing medium to high scope targets, since the tool helped me save hundreds, perhaps even thousands of hours of testing. Why I don’t go fully automated and my thoughts about it, maybe it’s the topic for another day.

IMPORTANT: Do not use this article to start doing something unethical, make sure to follow the guidelines of the cloud providers, since the axiom uses the resources of them. Also, follow the guidelines of the program you are participating in as well, since those usually have policies that should be considered before even starting to test.

Some of you will probably know what the axiom is already or just heard about it but not yet tried. If you are one of those people, please skip this paragraph and immediately jump to the next part of this post.

The pry0cc/axiom lets you spin multiple server instances, even the hundreds or thousands if your cloud provider allows it. You can control those instances from your terminal easily by using favorite infosec tools for recon process, vulnerability scanning and more. So basically, you will have multiple servers doing tasks for you without much struggle. It’s like having your own botnet on cloud, but of course, as a whitehat!

You can even customize it enough to have your own scripts running on the cloud, wordlists being used by those scripts, uploading/downloading files to those instances and many more features.

I will be covering the setup I would like to use for this tool for my daily bounties journey. Each of the following articles will be about different use cases for axiom.

Before you even start unlocking the power of this great tool, there are a couple things that you should keep in mind:

• You will get duplicates if you use this tool the wrong way. For example running basic nuclei scripts, the same payloads that thousands of researchers use will result in you finding the same thing as others. Dupe found fast is still dupe, so won’t be stupid, don’t be that guy with spray and pray “methodology”. For me personally, it helps to automate a small part of my usual tasks which usually is the initial recon process. Don’t worry, I will share my secrets how I utilized it to my advantage.
• Understand that it will cost you money to have cloud instances running. How much you will spend on it really depends on a lot of factors, but consider it as an investment. For example, if you have spent 300$ for a month, but you have made some 3k, 5k, 10k or even more in bounties that month it’s a good return on the investment. Currently, Axiom supports Digitalocean, IBM Cloud, Linode, AWS and Azure cloud providers. If you do not yet have your own provider and just want to test this tool, you could use my affiliate link and get $200 in credit over 60 days on Digitalocean. I highly recommend this provider since it is very friendly for beginners with an easy to use user interface.
• Don’t use it for port scanning or other very invasive tools — most cloud providers do not allow it. Not only will you be banned from the cloud provider, but also you could get in legal lawsuit. You have been warned, so stay out of trouble.
• Every cloud provider has limited instances that you could use. There are limitations on how much VPS your account could have. For example, Digitalocean has a 10 droplet limit. In order to have it increased, you should contact the support, but even before contacting the support you should get a hang of using Axiom. In most cases you don’t need hundreds of instances. Also, you will need a valid reason on why the instances should increase, so do it after using the provider for some time (weeks or even months).

Prerequisites

My preferred way of choice is to use those OS systems, which have bash scripting language already since it makes life easier to run most of open source security tools. If you are using Windows or not planning to use it locally, I also recommend having VPS which could be your Command and Control server for spawning Axiom instances. Just make sure that it won’t be on the same provider or have backups since some self instance delete could happen.

I also recommend setting up cloud provider API key in advance before installation. Every cloud provider is different, but for example you can access the DigitalOcean API keys here once you have logged in into your account.

Installation options

1. Fastest way to install the Axiom is by using following bash command:

bash <(curl -s https://raw.githubusercontent.com/pry0cc/axiom/master/interact/axiom-configure)

2. You could use docker:

docker exec -it $(docker run -d -it — platform linux/amd64 ubuntu:20.04) sh -c “apt update && apt install git -y && git clone https://github.com/pry0cc/axiom ~/.axiom/ && cd && .axiom/interact/axiom-configure”

3. My own preferred way is doing it manually, since it does allow a lot of customization options.

Clone the git repository:

git clone https://github.com/pry0cc/axiom ~/.axiom/

Optional: You could customize your own instance on which security tools it will have as it will be cloned during the instance spawn process. You should use default.json as the example, and you create your own .json file here:

cd ~/.axiom/images/provisioners

ls
...
barebones.json classic.json default.json l light.json nuclei.json reconftw.json recon.json xss.json

Just know one thing that if you have edited, added or deleted files in ~/.axiom directory, it will be not possible to update it from the github repository.

Next, in order to initiate install process execute this command:

$HOME/.axiom/interact/axiom-configure

Once you press ENTER, it will update and upgrade your OS, download and upgrade the tools required for Axiom to run successfully.

Next, select your preferred terminal language, mine is BASH:

It will update the dependencies from github repository. You will be prompted again if you want setup amass config. Just press n and ENTER. Now select your own cloud provider here. As I mentioned I use DO:

Provide you DO token:

Next, ignore ping errors and just select the region and droplet size, I have put the values as the wizard suggested, but if you want to customize it you should check cloud docs:

Name your profile. All the configuration you have did before will be saved into the profile file. You can switch profiles later, if you decide to use other cloud provider. I have named mine do_account:

Now you will be asked which provisioner you will be using. As I mentioned on the Installation options part, you could have customized your own provisioner .json file, so you could use that one. For example, I have created recon.json just to have simple image with only initial recon:

But for the sake of simplicity, I will use default provisioner will most of security tools already prepared:

Now the long part, it will take 25–50minutes depending on your internet speed and etc. So be patient:

Congrats you have successfully installed the Axiom! Get ready, the next part will be more interesting as I will cover the common features and my own tricks how I gather initial data about the target.

Subscribe to my page to not miss any upcoming stories. Also follow me on twitter, since I am planning to share some short insights, cool tricks and bypasses there as well.

References

Think meme gif — https://tenor.com/IYuX.gif

Hacking in progress gif — https://tenor.com/bmmLd.gif