As you probably learned from the previous part, it is usually a nice thing to have custom wordlists and tools for your remote axiom instances. In this article, I will briefly explain the features that will help you to understand how to access, modify, execute custom commands, and backup on each instance. It will also include some practical tips and the wordlists I used in my daily bug bounty.

Prerequisites

As a prerequisite, make sure you have initialized an instance:

axiom-init <name>

After, you want to check the currently created and running instances:

axiom-ls

Connecting to your instance

There are two main ways you could connect to your running Axiom instances:

axiom-ssh <name>

OR

axiom-connect <name>

After successfully connecting, you will notice the following file structure:

• /home/op — the home directory of op user. There is the most axiom instance working files.
• ~/go — most of the go language CLI tools are stored here.
• ~/lists — contains the wordlists that could be used by default of other tools or supplied as an extra flag.
• ~/nuclei-templates — the templates that will be used for the nuclei tool.
• ~/recon — this directory contains other tools.

Some other tools are used in docker containers or as binaries in other locations. For me personally, modifying ~/lists or ~/recon directories makes most sense, since I could add my custom tools or wordlists there:

I like to use assetnote’s wordlists most of the time for web fuzzing, so creating the assetnote directory under ~/recon makes perfect sense:

You will have an updated machine with custom wordlists ready to use with fuzzing tools such as gobuster, ffuf or feroxbuster. It is possible to snapshot that machine so next time you spawn new instances, you can use it.

Executing custom commands

Another interesting feature is using custom or inbuilt Linux commands on selected VPS. But to demonstrate that it could be done on multiple VPS instances at once, it is required to spawn another server:

You could run ifconfig command on the specified instance by:

axiom-exec ifconfig --fleet <instance>

In order to run the same command on multiple instances, firstly you need to select which machines you want to use:

axiom-select "scanner\*"

After selecting instances, you can execute mkdir command:

Uploading/Downloading custom files

You will probably like to do some file transfer. It is especially useful for cases when you want to download some results stored in Axiom machines, or you might want to add your own wordlists. The simple command that could be used for this:

axiom-scp <from> <to>

As you can see, I have specified scanner* as the instances I want to transfer the same file to. Other examples on file upload or download could be easily found on Axiom docs.

Taking the snapshots

Snapshots are like to save files for the games. If you want to save all work done on the server to have continued use it later — you could use axiom-backup:

Running this command usually takes much longer than CLI shows, so my advice is to check it manually. For instance, on DigitalOcean, you could view your snapshots here.

Some last words…

We covered the most often-used features of this awesome tool. I hope it will greatly help on your Bug Bounty journey. It is a great initial point to start hunting, but there is more! If you want to have fewer duplicates, you have to be smarter than most hunters.

To find valid bugs, you will need to use your tools or add a little twist to less-known ones. To have a custom tool running with axiom-scan you will need to know how to create modules, since running axiom-exec every time is not efficient. Stay tuned, since the next part will be about creating your axiom module!

I am active on Twitter, check out some content I post there daily! Also, if you want to reach me personally, you can visit my Discord server. Cheers!