Filesystem-Utilities

# Filesystem Utilities 

Filesystem utilities to help you interact with axiom instances!

# axiom-configure
**Setup and configure the axiom controller and validate cloud account** :computer:
#
<details>
  <summary>axiom-configure usage</summary>
  
  ``` 
 ▄▄▄      ▒██   ██▒ ██▓ ▒█████   ███▄ ▄███▓
▒████▄    ▒▒ █ █ ▒░▓██▒▒██▒  ██▒▓██▒▀█▀ ██▒
▒██  ▀█▄  ░░  █   ░▒██▒▒██░  ██▒▓██    ▓██░
░██▄▄▄▄██  ░ █ █ ▒ ░██░▒██   ██░▒██    ▒██
 ▓█   ▓██▒▒██▒ ▒██▒░██░░ ████▓▒░▒██▒   ░██▒
 ▒▒   ▓▒█░▒▒ ░ ░▓ ░░▓  ░ ▒░▒░▒░ ░ ▒░   ░  ░
  ▒   ▒▒ ░░░   ░▒ ░ ▒ ░  ░ ▒ ▒░ ░  ░      ░
  ░   ▒    ░    ░   ▒ ░░ ░ ░ ▒  ░      ░
      ░  ░ ░    ░   ░      ░ ░         ░

The Dynamic Infrastructure Framework for Everybody - @pry0cc & @0xtavian

We are lucky enough to be sponsored by the awesome SecurityTrails! 
Sign up for your free account here! https://securitytrails.com/app/account?utm_source=axiom

Description:
Examples:                                                                                                                                                                                                                                  
  axiom-configure # kick off axiom configuration wizard
  axiom-configure --shell Zsh # Set default shell to Zsh via command line
  axiom-configure --config <axiom.json config data> # Use plaintext axiom.json data for account setup TODO: support axiom.json as a file
  axiom-configure --shell BASH --unattended --config <axiom.json config data>  # Use bash for default shell, do not promot, use plaintext axiom.json data for account setup
Usage:
  --config <axiom.json data>
    Setup account with data supplied from the command line (must be vaild data from axiom.json wrapped in single quotes)
  --unattended (optional)
    Avoid any promots, defaults to Oh My Zsh unless --shell argument is also provided
  --shell <Bash, Zsh, OMZ (Oh My Zsh)> (optional)
    Choose bash/zsh to add axiom to .bashrc/.zshrc. OMZ installs Oh My Zsh and overwrites .zshrc
  --help
    Display this help menu
  ```
</details>

```
axiom-configure
```
You can provide your config inline or after running `axiom-configure`. <br>

`
axiom-configure --shell bash --unattended --config { "do_key": "[redacted]", "region": "nyc1", "provider": "do", "default_size": "s-1vcpu-1gb", "appliance_name": "", "appliance_key": "", "appliance_url": "", "email": "", "op": "[redacted]", "imageid": "axiom-default-myimageid", "provisioner": "default", "sshkey": "id_rsa" } 
`
<br>
>  To get your account.json config file in this format run: `cat ~/.axiom/accounts/do.json | tr '\n' ' ' | tr -s ' '`

---
# axiom-build 
**Pick a Packer provisioner** :hatching_chick:
> You must run axiom-configure before anything else. This creates your axiom.json file which is required by other commands.
```
axiom-build default
```
You can provide your provisioner inline or after running `axiom-build`.

> We currently offer [three](https://github.com/pry0cc/axiom/tree/master/images/provisioners) different base provisioner files, and 2 custom provisioner file to build images. 
> - [Default](https://github.com/pry0cc/axiom/blob/master/images/provisioners/default.json) is our latest iteration of axiom provisioners. It comes with all tools installed and has been optimized for readability. Recommended for axiom-fleet.
> - [ReconFTW](https://github.com/pry0cc/axiom/blob/master/images/provisioners/reconftw.json) provisioner includes all tools in ReconFTW and works with most modules. Recommended for ReconFTW.
> - [Barebones](https://github.com/pry0cc/axiom/blob/master/images/provisioners/barebones.json) is our decently secure base install, comes with Docker, Go-lang, Interlace and nmap installed. Recommended for templating.

> Custom Images:
> - [Classic](https://github.com/pry0cc/axiom/blob/master/images/provisioners/classic.json) provisioner works with most modules and was the first iteration of axiom provisioner files.
> - [Light](https://github.com/pry0cc/axiom/blob/master/images/provisioners/light.json) provisioner comes with zsh and a few other minor adjustments over the barebones provisioner. 
---
* If you want to bring-your-own Packer JSON provisioner, select custom. Make sure your packer json is placed in ~/.axiom/images/provisioners

# axiom-images
**Manage images/snapshots with axiom-images** :cd:
#
<details>
  <summary>axiom-images usage</summary>
  
  ``` 
Examples: axiom-images ls && axiom-images rm axiom-barebones-1634682130 && axiom-images use axiom-default-1634682131
 Usage:
 ls                                      List snapshots created
 get                       Display info about the current image
 use | set              Use snapshot for axiom-init/axiom-fleet
 rm                                Remove snapshot from account
 help | --help | -h                        Print this help menu
  ```
</details>

```bash
axiom-images ls # List available images
axiom-images use <image name> # Replace image used for axiom-init/axiom-fleet with user provided image name 
axiom-images rm <image name> # Delete image by name
```
---

# axiom-init
**Initialize a single instance** :seedling:
#
<details>
  <summary>axiom-init usage</summary>
  
  ```
Description:
  Initialize one axiom instance with differnet options, such as image, region, size and axiom deployment profile
Examples:
  axiom-init # provision instance with random name
  axiom-init --deploy desktop # provision instance with random name, then deploy axiom profile 'desktop'
  axiom-init testy01 # provision instance named testy01
  axiom-init stok01 --region nyc3 --image axiom-barebones-1635920849 --size s-1vcpu-2gb --deploy desktop --shell
Usage:
  <name> string (optional)
    Name of the instance, supplied as a positional first argument
  --image <image name>
    Manually set the image to use (default is imageid in ~/.axiom/axiom.json)
  --region <region>
    User specified region to use (default is region in ~/.axiom/axiom.json)
  --deploy <profile>
    Deploy a profile after initialization (e.g desktop, openvpn, bbrf, wireguard)
  --shell (optional)
    Connect to instance after initialization
  --size <vm size>
    VM size to use  (default is size in ~/.axiom/account/account.json)
  --no-select (optional)
    Dont select instance after initialization (default is to select instance)
  --domain <example.com>
    Manually specify the domain to use (default is specified by cloud provider)
  --restore <backup>
    Initialize with a previous backup
  --help
    Display this help menu
  ```
</details>

```bash
axiom-init <name> # Init
axiom-init <name> --deploy=<profile> --restore=<box> # Init & deploy & restore 
#Note: profile argument is file name is without .json
```
> the `--deploy` option allows you to deploy a profile (stored in `~/.axiom/profiles/`). `--restore` will restore a profile. These options can be used together.


---


# axiom-exec
**Execute a command against an Instance** :robot:
#
<details>
  <summary>axiom-exec usage</summary>
  
  ``` 
Description:
  Evaluate shell one-liners or execute single commands on one or more instances in parallel                                                                                                                       
  Expand local and remote environment variables respectively                                                                                                                                                      
  Specify the fleet prefix, or let axiom use selected.conf by default (located in ~/.axiom/selected.conf)                                                                                                         
  Optionally execute command(s) in a detached tmux session on the remote instances (commands run in the background)                                                                                               
  Temporarily prevent axiom's SSH key regeneration and instead connect with a cached SSH config (default is ~/.axiom/.sshconfig)                                                                                  
Examples:                                                                                                                                                                                                         
  axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
  axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
  axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
  axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
  axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)
Usage:
  <commands> required string
    Command(s) to run on the remote axiom instances, multiple commands can be wrapped in single or double quotes, but not required
  -f/--fleet <fleet prefix>
    Fleet prefix to execute on (default is ~/.axiom/selected.conf). Automatic wildcard support
  -i/--instance <instance name>
    Single instance to execute on
  --tmux <optional tmux session name>
    Execute commands in a detacted tmux session (commands run in the background). The default tmux session name is axiom-exec+$TIMESTAMP, or supply a custom tmux session name
  --sshconfig <sshconfig_file> (optional string)
    Path to axiom's SSH config (default is ~/.axiom/.sshconfig)
  -q/--quiet
    Disable progress bar, and reduce verbosity
  --debug
    Enable debug mode (VERY VERBOSE!)
  --cache
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --logs
    Do not delete logs (logs will be stored in ~/.axiom/logs/exec/axiom-exec$TIMESTAMP)
  --help
    Display this help menu

  ```
</details>


```bash
  axiom-exec id # Execute command id across all instances currently selected.conf (located in ~/.axiom/selected.conf)
  axiom-exec ifconfig --fleet testy # Execute ifconfig on testy fleet. Automatically select all instances in fleet testy
  axiom-exec sleep "$(($RANDOM % 10))" "&& id &&" echo $HOSTNAME --fleet stok # Evaluate complex one-liners on fleet stok
  axiom-exec 'sudo apt dist-upgrade -y' -q --cache --fleet OtherFleet --tmux MySession01 # Quietly execute command(s) inside a detacted tmux session on the remote instances with custom session name
  axiom-exec whoami -q --cache --sshconfig ~/.axiom/log/exec/axiom-exec+1234567890/sshconfig --fleet oldfleet --tmux # Specify the axiom SSH config to use (default is ~/.axiom/.sshconfig)
```


---
# axiom-ssh 
**Connect to an instance - axiom-ssh or axiom-connect** :link:
# 
<details>
  <summary>axiom-ssh usage</summary>
  
  ```
Description:
  axiom-ssh dynamically generates axiom's SSH config based on your cloud inventory.
  axiom-ssh allows you to connect to your axiom instances over their public or private network interface.
  axiom-ssh can drop you right into a freshly created tmux session on the remote instance, and can be used to
  attach to a preexisting tmux session.
  All additional SSH args are passed to SSH.
Examples:
  axiom-ssh testy01 # SSH into instance testy01
  axiom-ssh testy01 --tmux mysession1 # SSH into instance testy01 and spawn or attach to session named mysession1
  axiom-ssh --just-generate # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with public Ip details
  axiom-ssh --just-generate private # Always populate axiom's ssh config (located in ~/.axiom/.sshconfig) with private Ip details
  axiom-ssh --just-generate cache # Never regenerate axiom's ssh config
  axiom-ssh testy01 -L 8080:127.0.0.1:8080 -D 4040  # Port-forward 8080 to local port 8080 and dynamically port foward port 4040 to testy01
Usage:
  <instance name> required string
    Instance name supplied as a positional first argument
  --mosh/-m <instance name> (optional)
    Connect with mosh
  --just_generate <public, private, cache> (optional)
    Specify when to generate the SSH config file and what IPs to use. Options are public, private, cache ( default is public )
  --tmux <tmux session name to create>
    Connect to your instance and start new tmux session. If you dont include a session name one will be chosen automatically for you
  --tmux-attach/-t <tmux session> (optional)
    Connect to your instance and attach to tmux session by name
  --cache (optional)
    Temporarily do not generate SSH config and instead connect with cached SSH config
  --help (optional)
    Display this help menu
  <additional args>
    All additional SSH args are passed to SSH. If you want additional arguments supplied to your command, simply append them to the command
    example: axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040
  ```
</details>

```bash
axiom-connect #automatically connects to list initialized instance
axiom-connect <name>
axiom-ssh <name> <ssh args>
axiom-ssh <name> --tmux
axiom-ssh <name> -m -t=<tmux session> # Connect with mosh and attach to tmux session
axiom-ssh <name> -m -t=main-15
axiom-ssh <name> -L 8080:127.0.0.1:8080 -D 4040 # All additional SSH args are passed to SSH
axiom-ssh <name> --cache # Don't generate ssh config, just connect with cache
axiom-ssh --just-generate # Will populate the SSH config at ~/.axiom/.sshconfig with public IPs instances on the account
axiom-ssh --just-generate private # Will populate the SSH config at ~/.axiom/.sshconfig with private IPs instances on the account
axiom-ssh --just-generate cache # Will permanently avoid regenerating the SSH configs. To revert run: axiom-ssh --just-generate public or just axiom-ssh --just-generate
```

---
# axiom-backup 
**Backup an initialized instance to the cloud** :luggage:
axiom-backup 
```bash

> After running axiom-init you can set up config files, unique wordlists, private tools etc, take a snapshot of that image and use it to deploy future axiom instances/fleets. 

---
# axiom-sync
**Backup the home directory of an initialized instance to the local filesystem** :arrows_counterclockwise:

```bash
axiom-sync instance01
```

> This allows you to download a copy of everything in an axiom instance to the local filesystem

---
# axiom-power
**Power on, off and reboot instances and fleets with axiom-power.** :electric_plug:	
#
<details>
  <summary>axiom-power usage</summary>
  
  ```
 Usage: axiom-power on 'rez\*'  #turns on instances starting with 'rez'
  axiom-power off '\*'    #turns off all instances
  Examples:
  on                             Power on instance by instance name
  off                           Power off instance by instance name 
  reboot                           Reboot instance by instance name
  help | --help | -h                           Print this help menu
  ```
</details>


```bash
axiom-power on 'rez\*' # Power on all instances in fleet named rez
axiom-power off 'rez\*' # Power off rez fleet
axiom-power reboot 'rez\*' # Reboot rez fleet

```

---
# axiom-rm
**Remove one or more axiom instances** :x:

```bash
axiom-rm <name> # Delete box by specifying the name
axiom-rm <name> -f # Forcibly delete box by specifying the
axiom-rm <name>\* # Delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm <name>\* -f # Forcibly delete all instances that start with <name>. You must escape the asterisk.  
axiom-rm '\*' # Delete all instances on the account. Must be wrapped in single quote and escape the asterisk. 
axiom-rm '\*' -f # Forcibly delete all instances on the account. Must be wrapped in single quote and escape the asterisk. 


```
---
# axiom-boxes
**List all box backups** :brain:

```bash
axiom-boxes ls # List boxes
axiom-boxes ls --archive # List archived boxes
axiom-boxes new <box> # Create a blank box backup
axiom-boxes rm <box> # Delete a box backup 
axiom-boxes archive <box>  # Archive a box (tarball & gpg -e)
axiom-boxes unarchive <box> # Unarchive (from ~/.axiom/archives/), gpg decrypts
axiom-boxes get pry0cc/lazy # Get a box from  github, username/repo
```
> Using the archive option will convert the box to a tarball and encrypt using the email specified in your account `~/.axiom/accounts/*.json`

---

# axiom-region
**Switch to a new region** :compass:

```bash
axiom-region ls # lists regions
axiom-region select <region> # select region

axiom-region select ams2
```

---

# axiom-account
**Manage user accounts** :name_badge:

```bash
axiom-account-setup # Setup a new account
axiom-account # No args, list available accounts
axiom-account <account> # Select/Switch to the specified account
```
---

# axiom-scp
**Copy files to and from hosts** :arrow_heading_up:

#
<details>
  <summary>axiom-scp usage</summary>
  
  ```
 --cache (optional)
    Do not regenerate SSH config
-F (string)
    Path of custom SSH config file to use
Example Usage: axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt' --cache
    Copy a remote file from all instances in myfleet to local folder. Do no generate SSH config
    $name must be wrapped single quotes. $name is a required literal string and gets interpolated from the instance name.
Example Usage: axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt' 
    Copy a remote file from one instance 'myfleet05' to a local file
Example Usage: axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt 
    Copy a local file to all instances in myfleet
Example Usage: axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates 
    Copy a local folder to all instances in myfleet
  ```
</details>

> Copy a remote file from all instances in myfleet to local file. `'$name'` must be wrapped single quotes. `'$name'` is a required literal string and gets interpolated from the instance name. <br>

```
axiom-scp 'myfleet*':/home/op/myfile.txt '~/local/folder/$name.txt'
```
> Copy a remote folder from all instances in myfleet to local folder. `'$name'` must be wrapped single quotes. `'$name'` is a required literal string and gets interpolated from the instance name. <br>

```
axiom-scp 'myfleet*':/home/op/myfile/ '~/local/folder/$name'
```

> Copy a remote file from one instance 'myfleet05' to a local file <br>

```
axiom-scp myfleet05:/home/op/myfile-from-myfleet05.txt '~/local/folder/myfile-from-myfleet05.txt'
```

> Copy a local file to all instances in myfleet, for example uploading a custom wordlist  <br> 

```
axiom-scp myfile.txt 'myfleet*':/home/op/myfile.txt
```

> Copy a local folder to all instances in myfleet, for example uploading a folder of custom nuclei templates <br>

```
axiom-scp mytemplates/ 'myfleet*':/home/op/custom-templates 
``` 
---

# axiom-select
**Deploy a profile** :mechanical_arm:

```bash
axiom-select '<instance>'
axiom-select 'testy*'  # Testy is an example of a fleet
axiom-deploy openvpn # Install openvpn against host or fleet
axiom-deploy covenant # Install covenant
```

> All profiles can be found in `~/.axiom/profiles`

**Connect to a remote axiom instance Docker (over ssh)**

```bash
axiom-select <instance>
. axiom-docker # Not a typo, the . means source
docker ps
```
---
# axiom-vpn
**Connect to an OpenVPN Server Deployed by Axiom** :signal_strength:

```bash
axiom-vpn <instance>
```

---


# axiom-proxy
**Proxy through a set of hosts (or one)** :twisted_rightwards_arrows:
```bash
axiom-proxy '<fleet>*'
axiom-proxy '<instance>'
axiom-proxy 'testy*'
proxychains4 curl -s ipinfo.io
```
> This will SSH tunnel all hosts to a range of  local ports, 127.0.0.1:5000-50100, then generate a proxychains configuration file to `./proxychains.conf`

---

# axiom-dns
**Create a DNS A record**
*Currently only supported by Digital Ocean*
```bash
axiom-dns ls # List domains
axiom-dns ls <domain> # List records for domain
axiom-dns add <subdomain> <domain> <ip address>
axiom-dns add cisco navisec.xyz 167.71.89.136 # Example, this will create a record cisco.navisec.xyz pointing to 167.71.89.136 
```
> Domain names can be hosted in DigitalOcean ([https://cloud.digitalocean.com/networking/domains?](https://cloud.digitalocean.com/networking/domains?i=87a4bd))

---

# axiom-fleet
**Initialize a fleet** :rocket:  
#
<details>
  <summary>axiom-fleet usage</summary>
  
  ``` 
Description:
  Spin up fleets of axiom instances in one or multiple regions.
  Specify the name of your fleet (fleet prefix) or have axiom choose for you.
Examples:
  axiom-fleet # Spin up three instances, let axiom decide on the fleet prefix
  axiom-fleet javis -i 10 # Spin up 10 instances with a fleet prefix of javis, this will create 10 instances named javis01 to javis10.
  axiom-fleet jerry -i 25 --regions nyc1,lon1,ams3,fra1 # Spin up 25 instances using round robbin region distribution
Usage:
  -i/--instances <integer>
    The number of instances to spin up
  -r/--regions <regions> (optional)
    Supply comma-separated regions to cycle through ( default get region from ~/.axiom/axiom.json)
  --help (optional)
    Display this help menu
  ```
</details>



```bash
axiom-fleet -i 13 # Initialize a fleet, name it randomly
axiom-fleet testy -i 8 # Initialize a fleet named 'testy', instances will be named, testy01, test02 etc
axiom-fleet testy -i 10 --regions nyc1,lon1,ams3,fra1 # Initialize a fleet using round-robin region distribution  
```

---

# axiom-scan
**Scanning using a fleet** :rocket: 
#
<details>
  <summary>axiom-scan usage</summary>
  
  ```               _
              _
  ____ __  __(_)___  ____ ___        ______________ _____                                                                                                                    
 / __ `/ |/_/ / __ \/ __ `__ \______/ ___/ ___/ __ `/ __ \                                                                                                                   
/ /_/ />  </ / /_/ / / / / / /_____(__  ) /__/ /_/ / / / /                                                                                                                   
\__,_/_/|_/_/\____/_/ /_/ /_/     /____/\___/\__,_/_/ /_/                                                                                                                    
                                                                                                                                                                             
                                    @pry0cc                                                                                                                                  
                                 & @0xtavian                                                                                                                                 
                                                                                                                                                                             
axiom-scan provides easy distribution of arbitrary binaries and scripts. 
axiom-scan splits and uploads user-provided input files (target lists), wordlists and configuration files to every instance.
axiom-scan executes the same command across all instances, which can be found in the module.
axiom-scan downloads and merges scan output in a variety of different ways, specified in the module (folder, merged text file, csv etc). 
individual scans are executed in the background, inside a unique tmux session and scan working directory on the remote instances
 
Usage:
  axiom-scan [flags]

Flags:
INPUT:
   string[]              the first positional argument must always be an input file, this can be a list of URLs, IPs, hostnames, etc
   --dont-split          do not split input file, upload entire input file to every instance (default is to split the input file)
   --dont-shuffle        do not randomize input file before uploading (default is to randomize)

MODULE:
   -m string[]           the axiom-scan module to use with the scan
   --list                print all available modules

WORDLIST:
   -w string[]                       replace the string _wordlist_ in a module with a user-provided wordlist (must be a path to a remote wordlist)
   -wL string[]                      replace the string _wordlist_ in a module with a user-provided local wordlist ( must be a path to a local wordlist)
   --nuclei-templates string[]       replace the string _wordlist_ in a module with a user-provided local folder
   -wD,--distribute-wordlist         requires -wL, when using -wL, split and upload local wordlist (default does not split the wordlist)

CONFIGURATIONS:
   --config string[]                 replace the string _config_ in a module with a user-provided configuration file (must be a configuration file on the remote instances)
   --local-config string[]           replace the string _config_ in a module with a user-provided local configuration file to upload ( must be a local configuration file)

OUTPUT:
   -o string[]          output as default (the first ext mentioned in the module) 
   -oD string[]         output as directory (must also be supplied in the module using "ext":"dir" or "ext":"")
   -oX string[]         output as XML/HTML (supported for nmap and masscan)(must also be supplied in the module using "ext":"xml")
   -oG string[]         output as greppable, merge and sort unique (must also be supplied in the module using "ext":"oG")
   -csv string []       output as csv, extract csv header, merge and sort unique (must also be supplied in the module using "ext":"csv")
   -anew string[]       pipe the output to anew before creating the final output file
   --quiet              do not display findings to terminal
   --rm-logs            delete remote and local logs after scan completes

FLEET:
   --fleet string[]            supply fleet prefix to use (default uses instances in /root/.axiom/selected.conf)
   --spinup int[]              number of instances to spin up prior to scanning (default uses instances in /root/.axiom/selected.conf)
   --rm-when-done              delete the selected instances after the scan completes
   --shutdown-when-done        shutdown the selected instance after the scan completes
   -F string[]                 path to custom SSH config file (default is located at /root/.axiom/.sshconfig)
   --cache                     do not regenerate SSH config prior to scan, instead use cached config (located at /root/.axiom/.sshconfig)

DEBUG:
   --debug              run with set -xv, warning: very verbose

EXTRA ARGS:
   string[]             supply additional arguments to be passed to the module
  ```
</details>

*Modules are in `~/.axiom/modules/`*

```bash
axiom-select 'fleet*' # fleets should be already selected, but just in case, select can be a good idea

# Format
axiom-scan <input> -m <module> -o <text outfile> <any other args>

# Examples
axiom-scan subs.txt -m httpx -o http.txt # httpx module
axiom-scan http.txt -m nuclei -o nuclei.txt # nuclei module, find vulns
axiom-scan http.txt -m gowitness -o screenshots # gowitness, take screenshots
axiom-scan subs.txt -m dnsprobe -o dns.txt # Run dnsprobe

axiom-scan ips.txt -m nmap -oG portscan.txt # nmap
axiom-scan ips.txt -m nmap -oX portscan # Will create both portscan.xml & portscan.html
axiom-scan ips.txt -m nmap -oX full -p- -T5 -sV --script=vulners # Will create full.xml, will pass all args to nmap command

axiom-scan ips.txt -m masscan -oG masscan.txt # Run masscan
```