___ ___ ___ ______ __ ______ .___________. __
/ \ \ \ / / / __ \ | | / __ \ | || |
/ ^ \ \ V / | | | | | | | | | | `---| |----`| |
/ /_\ \ > < | | | | | | | | | | | | | |
/ _____ \ / . \ | `--' | | `----.| `--' | | | | `----.
/__/ \__\ /__/ \__\ \______/ |_______| \______/ |__| |_______|
axolotl is a pentest collaboration tools, comes with a simple feature, and it want to keep it simple, you only need to install axolotl and git on your machine. It has a main purpose to store and collaborate all finding with your team or yourself, and axolotl process the data to simplify lookup data, make a simple statistic and generate a simple report.
When it comes with pentestration collaboration tools, It becomes hard when you manage the document based, sometime rely on file you store on harddrive or cloud storage is hard to manage, and you need times to makes a report or statistic.
Another option, you can manage every finding with "any" pentest documentation tools, sometime with great feature generate documentation and statistic, but it comes with problem you need to pay, sometime you need to install on your server/local and have many requirement to install.
axolotl comes with a simple feature, and it want to keep it simple, you only need to install axolotl and git on your machine. It has a main purpose to store and collaborate all finding with your team or yourself, and axolotl process the data to simplify lookup data, make a simple statistic and generate a simple report.
Axolotl inspired from nuclei project, where I'm using nuclei as the collaboration tools for poc.
!!Attention!! All data at the screenshot is all dummy, not real data
- Download the binary from Release
- Install on your machine
- Run
axolotl initto create new directory structure - Generate host identity and input as you needs (if you didn't need the key, just delete the key)
axolotl add -d domain.com
axolotl add -d domain.com -v vuln-name-without-space
axolotl lookup host
axolotl lookup vuln
axolotl info -d domain.com
axolotl stat
- repeat from
4to add more host and vuln finding
Check How to use page for detail how to use
Building
docker build . -t axolotl
Run it with volume
docker run -v ./testworkdir:/workdir -it axolotl --help
Here is sample commands with docker
PS C:\> docker run -v ./testworkdir:/workdir -it axolotl add -d example.com
──────────────────────────────────────
Axolotl v0.2.0-alpha - Ez Vuln Record
https://github.com/k1m0ch1/axolotl
──────────────────────────────────────
[+] Host example.com is Created at ./hosts
PS C:\> docker run -v ./testworkdir:/workdir -it axolotl add -d example.com -p 443 -v IDOR
──────────────────────────────────────
Axolotl v0.2.0-alpha - Ez Vuln Record
https://github.com/k1m0ch1/axolotl
──────────────────────────────────────
[+] File IDOR.yml is generated at ./vulns, Happy Hacking!
PS C:\> docker run -v ./testworkdir:/workdir -it axolotl info -d example.com
──────────────────────────────────────
Axolotl v0.2.0-alpha - Ez Vuln Record
https://github.com/k1m0ch1/axolotl
──────────────────────────────────────
Info Result of the Domain `example.com`
Domain `example.com` ()
Technology :
Current Vulnerability :
1. IDOR
()
We appreciate all contributions. If you are planning to contribute any bug-fixes, please do so without further discussions.
If you plan to contribute new features, new tuners, new training services, etc. please first open an issue or reuse an exisiting issue, and discuss the feature with us. We will discuss with you on the issue timely or set up conference calls if needed.
To learn more about making a contribution to axolotl, please refer to our How-to contribution page.
Please let us know if you encounter a bug by filling an issue.
We appreciate all contributions and thank all the contributors!
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent