Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/k1m0ch1/axolotl

toolings for pentester to makes their life easier
https://github.com/k1m0ch1/axolotl

Last synced: about 2 months ago
JSON representation

toolings for pentester to makes their life easier

Awesome Lists containing this project

README 

        
```

                   ___      ___   ___   ______    __        ______   .___________. __

                  /   \     \  \ /  /  /  __  \  |  |      /  __  \  |           ||  |

                 /  ^  \     \  V  /  |  |  |  | |  |     |  |  |  | `---|  |----`|  |

                /  /_\  \     >   <   |  |  |  | |  |     |  |  |  |     |  |     |  |

               /  _____  \   /  .  \  |  `--'  | |  `----.|  `--'  |     |  |     |  `----.

              /__/     \__\ /__/ \__\  \______/  |_______| \______/      |__|     |_______|

```



![](https://img.shields.io/twitter/follow/BukanYahya?style=social)

![](https://img.shields.io/github/go-mod/go-version/k1m0ch1/axolotl)

![](https://img.shields.io/github/v/release/k1m0ch1/axolotl)

![](https://img.shields.io/github/commit-activity/w/k1m0ch1/axolotl)

![](https://img.shields.io/github/last-commit/k1m0ch1/axolotl)

![](https://img.shields.io/github/release-date/k1m0ch1/axolotl)



# Axolotl - ez vuln record



axolotl is a pentest collaboration tools, comes with a simple feature, and it want to keep it simple, you only need to install axolotl and git on your machine. It has a main purpose to store and collaborate all finding with your team or yourself, and axolotl process the data to simplify lookup data, make a simple statistic and generate a simple report.





    




When it comes with pentestration collaboration tools, It becomes hard when you manage the document based, sometime rely on file you store on harddrive or cloud storage is hard to manage, and you need times to makes a report or statistic.



Another option, you can manage every finding with "any" pentest documentation tools, sometime with great feature generate documentation and statistic, but it comes with problem you need to pay, sometime you need to install on your server/local and have many requirement to install.



axolotl comes with a simple feature, and it want to keep it simple, you only need to install axolotl and git on your machine. It has a main purpose to store and collaborate all finding with your team or yourself, and axolotl process the data to simplify lookup data, make a simple statistic and generate a simple report.



Axolotl inspired from [nuclei](https://github.com/projectdiscovery/nuclei) project, where I'm using nuclei as the collaboration tools for poc.



# tl;dr axolotl



```

!!Attention!! All data at the screenshot is all dummy, not real data

```



1. Download the binary from [Release](https://github.com/k1m0ch1/axolotl/releases)

2. Install on your machine

3. Run `axolotl init` to create new directory structure

4. Generate host identity and input as you needs (if you didn't need the key, just delete the key)



```

axolotl add -d domain.com

```



    



5. Generate Vulnerability Finding and input as you needs (if you didn't need the key, just delete the key)



```

axolotl add -d domain.com -v vuln-name-without-space

```



    



6. List all current Host



```

axolotl lookup host

```



    



7. List all current Vuln



```

axolotl lookup vuln

```



    



8. Information Host with Vuln



```

axolotl info -d domain.com

```



    



9. simple statistic about your finding



```

axolotl stat

```





    




10. repeat from `4` to add more host and vuln finding



Check [How to use](https://axolotl.readthedocs.io/en/latest/) page for detail how to use



## Docker Usage



Building



```

docker build . -t axolotl

```



Run it with volume



```

docker run -v ./testworkdir:/workdir -it axolotl --help

```



## Operation in docker



Here is sample commands with docker



```

PS C:\> docker run -v ./testworkdir:/workdir -it axolotl add -d example.com



──────────────────────────────────────

Axolotl v0.2.0-alpha - Ez Vuln Record

https://github.com/k1m0ch1/axolotl

──────────────────────────────────────



[+] Host example.com is Created at ./hosts



PS C:\> docker run -v ./testworkdir:/workdir -it axolotl add -d example.com -p 443 -v IDOR



──────────────────────────────────────

Axolotl v0.2.0-alpha - Ez Vuln Record

https://github.com/k1m0ch1/axolotl

──────────────────────────────────────



[+] File IDOR.yml is generated at ./vulns, Happy Hacking!



PS C:\> docker run -v ./testworkdir:/workdir -it axolotl info -d example.com



──────────────────────────────────────

Axolotl v0.2.0-alpha - Ez Vuln Record

https://github.com/k1m0ch1/axolotl

──────────────────────────────────────

Info Result of the Domain `example.com`



Domain `example.com`  ()



Technology :



Current Vulnerability :

1. IDOR

    ()

```



## Release and Contributing



We appreciate all contributions. If you are planning to contribute any bug-fixes, please do so without further discussions.



If you plan to contribute new features, new tuners, new training services, etc. please first open an issue or reuse an exisiting issue, and discuss the feature with us. We will discuss with you on the issue timely or set up conference calls if needed.



To learn more about making a contribution to axolotl, please refer to our How-to contribution page.



Please let us know if you encounter a bug by filling an issue.



We appreciate all contributions and thank all the contributors!