The Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes.
Ax includes a set of Packer Provisioner files to choose from (JSON or HCL), or you can create your own (recommended).
Whichever Packer Provisioner you select, Ax installs your tools of choice into a "base image". Then using that image, you can deploy fleets of fresh instances (cloud hosted compute devices). When building an image using the Default Provisioner, you can connect and immediately access a wide range of tools useful for both Bug Hunting and Penetration Testing.
Various Ax Utility Scripts streamline tasks like spinning up and deleting fleets of instances, parallel command execution and file transfers, instance and image backups, and many other operations.
Ax Framework leverages the power of ephemeral, automated infrastructure to make cloud-based scanning operations fast and efficient. With Ax, you can quickly spin up disposable cloud instances, distribute your scanning workloads, and manage large-scale operations with ease. The framework supports running arbitrary binaries and scripts, determined by the specific Packer Provisioner you select and Module you use.
Once Ax is set up and configured, you can deploy a fleet of 50-100+ instances in just minutes, distribute a highly parallelized scan against a large scope of targets, and deliver rapid, reliable results. This functionality is known as ax scan.
Ax attempts to follow the Unix philosophy by providing building blocks that allow users to easily orchestrate one or many cloud instances. This flexibility enables the creation of continuous scanning pipelines and the execution of general, one-off, highly parallelized workloads.
Currently Digital Ocean, IBM Cloud, Linode, Azure, AWS, Hetzner, GCP and Scaleway are officially supported cloud providers.
Digital Ocean is still our best and most supported cloud provider. If you're signing up for a new Digital Ocean account, please use this link for a $200 free credit!
IBM Cloud is still our best supported business provider! If you're signing up for a new IBM Cloud account, please use this link for $200 free credit!
Linode is an absolutely fantastic cloud provider and fully supported! If you're signing up for a new Linode account, please use this link for $100 free credit!
The machine you install Ax on is called the Ax Controller. The Controller manages all aspects of Ax, including account setup, building your Packer image, spinning up and SSHing into instances, creating new images from existing instances, deleting instances and images, managing distributed scanning, and much more!
During the initial installation, running `ax configure` will trigger `ax account-setup`, which in turn calls `ax account` along with the respective cloud provider's `account-helper` script. Once this setup is complete, `ax build` is executed to create your Packer image. After the image is successfully built, you can deploy fleets of servers using `ax fleet` and distribute scans with `ax scan`!
This will create a docker container, initiate the install and setup flow, then drop you out of the docker container. Once the Packer image is successfully created with `ax build`, you will have to re-exec into your docker container: `docker exec -it $container_id zsh`.

```
docker exec -it $(docker run -d -it --platform linux/amd64 ubuntu:latest) sh -c "apt update && apt install git -y && git clone https://github.com/attacksurge/ax/ ~/.axiom/ && cd && .axiom/interact/axiom-configure --run"
```
You should use an OS that supports our easy install.
For Linux systems you will also need to install the newest versions of all packages beforehand: `sudo apt dist-upgrade`.

```
bash <(curl -s https://raw.githubusercontent.com/attacksurge/ax/master/interact/axiom-configure) --run
```
If you have any problems with this installer, or if using an unsupported OS please refer to Installation.
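The easy install above executes whatever `master` serves at download time. The following is an added example, not part of the Ax project's own instructions: it fetches the same script at a pinned commit, compares its SHA-256 to a digest you recorded after reviewing it, and only then runs it. The function names and the `<PINNED_COMMIT_SHA>` / `<EXPECTED_SHA256>` placeholders are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Ax project code): pin, verify, then run the installer.

sha256_of() {
  # Portable SHA-256: sha256sum on Linux, shasum on macOS.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_installer() {
  # $1 = downloaded script, $2 = expected digest (64 lowercase hex chars).
  # Returns 0 on match, 1 on mismatch, 2 on unusable input.
  local file="$1" expected="$2" actual
  [ -s "$file" ] || { echo "empty or missing download: $file" >&2; return 2; }
  case "$expected" in
    *[!0-9a-f]*|"") echo "expected digest is not lowercase hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: got $actual" >&2
    return 1
  fi
}

fetch_verify_run() {
  # $1 = commit SHA to pin, $2 = expected digest; remaining args go to the installer.
  local ref="$1" expected="$2" tmp rc
  shift 2
  tmp="$(mktemp)" || return 2
  # -f fails on HTTP errors, so an error page is never hashed or executed.
  curl -fsSL "https://raw.githubusercontent.com/attacksurge/ax/${ref}/interact/axiom-configure" -o "$tmp" \
    && verify_installer "$tmp" "$expected" \
    && bash "$tmp" "$@"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (placeholders, not real values):
# fetch_verify_run "<PINNED_COMMIT_SHA>" "<EXPECTED_SHA256>" --run
```

The digest only protects you if it was recorded from a copy you actually read; re-review and update both placeholders together when you move to a newer commit.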
OS | Supported | Easy Install | Tested |
---|---|---|---|
Ubuntu | Yes | Yes | Ubuntu 22.04 |
Kali | Yes | Yes | Kali 2024.2 |
Debian | Yes | Yes | Debian 12 |
Windows | Yes | Yes | WSL w/ Ubuntu |
MacOS | Yes | Yes | macOS 14 |
Arch Linux | Yes | No | Yes |
Bash: Ax is predominantly written in Bash! This makes it easy to contribute to, and it was chosen because early versions were rapidly prototyped in this language. For a detailed step-by-step walk-through of how ax scan works under the hood, it's highly recommended to read the comments in the source code!