k1m0ch1 / axolotl Goto Github PK

Describe the bug
Host identity is not automatically created

To Reproduce
axolotl add -d example.com -p 443 -v IDOR

Expected behavior
If the host doesn't exist, should automatically create

Additional context

Current status, which should not be like this

[*] Warning! Host Identity for example.com is not exist at ./hosts
[+] File IDOR.yml is generated at ./vulns, Happy Hacking!

update the https://axolotl.readthedocs.io/en/latest/ so the documentation is much better

• Explanation about the Axolotl
• Tell the flow work with axolotl
• 1. Start with init the project
• 2. Explanation about the directory structure
• 3. Add Host Identity
• 4. Explanation about Host Identity, How to input, and key explanation
• 5. Add Vulnerability Finding
• 6. Explanation about Vulnerability Finding, How to input, and key explanation
• 7. Status Flow
• 8. Change the status
• 9. Lookup All Host
• 10. Lookup All Vuln
• 11. Host Information
• 12. Simple Statistic
• Simplify the README.md

检测到 k1m0ch1/axolotl 一共引入了21个开源组件，存在2个漏洞

漏洞标题：go-yaml < 2.2.8拒绝服务漏洞
缺陷组件：gopkg.in/[email protected]
漏洞编号：CVE-2019-11254
漏洞描述：gopkg.in/yaml.v2是go语言中用于处理yaml格式的包。
在2.2.8之前的版本中，处理恶意的yaml数据时，会导致CPU资源耗尽。
漏洞由Kubernetes开发者在fuzz测试中发现并提交修复补丁。
国家漏洞库信息：https://www.cnvd.org.cn/flaw/show/CNVD-2020-35519
影响范围：(∞, 2.2.8)
最小修复版本：2.2.8
缺陷组件引入路径：github.com/k1m0ch1/axolotl@->gopkg.in/[email protected]

另外还有2个漏洞，详细报告：https://mofeisec.com/jr?p=a16b74

Report Generator with Template Markdown and can generate from existing Data

the command

axolotl gen -T <fileTemplate.md> -O <fileOutput.pdf> -d <domain.com> --exclude-vuln <namevuln, nameVuln> --only-include <nameVuln, nameVuln>

source:
https://github.com/noraj/OSCP-Exam-Report-Template-Markdown

This repo is good for example to generate markdown to PDF, but the problem is I need to install pandoc https://pandoc.org/installing.html and generate the command following with the user need to install all requirement, WHICH IS NOT SIMPLE.

the other IDEA is set the report generator sent to API, and response with PDF file.. but the problem is with data trust, the data is actually private so the user might not trust to convert from API, maybe I can do this by host the API opensource, so everyone will know what I put there.

axolotl info -d <domain.com>

• Need at least to see about the latest vuln status flow
• Host count of vulnerbilities by Severity
• Count OWASP Score
• Count CVSS 3.1 Score
• Status Host by severity finding that not fixed
• The most&least vulnerbility Type
• Flow time from found until completed
• Vuln Bounty rewarded (if exist)
• Total Vuln Bounty Rewarded (if exist)
• Add documentation at readthedocs.io