Axion-scan commands not working

[ghost]

@pry0cc @0xtavian Please help i want to run this single template and i'm not able to run.

Also i have my custom templates in this path /root/custom-templates how can i run my custom templates

axiom-scan ~/target/subs_httpx -m nuclei --nuclei-templates /root/nuclei-templates/cves/2020/CVE-2020-0XXX.yaml -o nuclei.txt

axiom-scan ~/target/subs_httpx -m nuclei -wL /root/custom-templates/CVE-2020-0XXX.yaml -o nuclei.txt

[0xtavian]

To upload a folder of nuclei templates use —nuclei-templates. To upload a single template use -wL. If you are still having issue post the command and terminal output.

[ghost]

Two templates available in this folder /root/nt but i'm getting error like no valid templates were found.

~ axiom-scan ~/target/target_subs_httpx -m nuclei --nuclei-templates /root/nt -o nuclei_nt
_
____ __ () ____ ___ ______________ _____
/ __ / |/_/ / __ \/ __ __ _/ / / __ `/ __
/ // /> </ / // / / / / / /( ) // // / / / /
_,//|//_// // // //___/_,// //

                                @pry0cc
                             & @0xtavian

creating scan working directory at : /home/op/scan/nuclei+1651301765/
uploading local folder ( nuclei-templates ) : /root/nt to /home/op/scan/nuclei+1651301765/nt...
custom folder uploaded successfully!
module: [ nuclei ] | module args: [ ] | input: [ 10 lines ] |
instances: 5 [ bounty01 bounty02 bounty03 bounty04 bounty05 ] |
command: [ /home/op/go/bin/nuclei -silent -update ; cat input | /home/op/go/bin/nuclei -t /home/op/scan/nuclei+1651301765/nt -o output ] | ext: [ txt ] | threads: [ null ]
spliting and distributing input file...
[ OK ]

                 __     _

____ __ / / ()
/ __ / / / / / / _ / /
/ / / / // / // / __/ /
// //_,/_/_/_/_/ 2.6.9

            projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...

                 __     _

____ __ / / ()
/ __ / / / / / / _ / /
/ / / / // / // / __/ /
// //_,/_/_/_/_/ 2.6.9

            projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...

                 __     _

____ __ / / ()
/ __ / / / / / / _ / /
/ / / / // / // / __/ /
// //_,/_/_/_/_/ 2.6.9

            projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...

                 __     _

____ __ / / ()
/ __ / / / / / / _ / /
/ / / / // / // / __/ /
// //_,/_/_/_/_/ 2.6.9

            projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...
__ _
____ __ / / ()
/ __ / / / / / / _ / /
/ / / / // / // / __/ /
// //_,/_/_/_/_/ 2.6.9

            projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.

[INF] Your current nuclei-templates v8.9.7 are outdated. Latest is v8.9.8
[INF] Downloading latest release...
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.9 (latest)
[INF] Using Nuclei Templates 8.9.8 (latest)
[FTL] Could not run nuclei: no valid templates were found
[INF] Successfully updated nuclei-templates (v8.9.8) to /home/op/nuclei-templates. GoodLuck!

@pry0cc @0xtavian I'm getting error like [FTL] Could not run nuclei: no valid templates were found.

[0xtavian]

Can you ssh into an instance, cd into the scan working directory, check if the templates were uploaded and try running the command manually?

[absane]

Wanted to jump in to say that I am also having issues with axiom-scan. Basically, I can't get it to work for nmap. I've installed Axiom twice now, one within a VM and another with Docker. IN both installs, I had issues with Interlace not working with Python 3.10, which I think I fixed. When I run this command, it seems that everything worked:

axiom-scan test.txt -m nmap -sT -p- -sV -v --open -oA nmap -sC

The output claims that Axiom is doing something, but after it exists I get no scan results. When I SSH to the Axiom server and check the scan folder, all; the files exist but are empty, including the "command" file that I would expect to have the commands I sent.

When I try the nmapx module, I have better luck actually seeing the command get executed on the server. However, after scanning a few ports the nmap process just hangs, using no CPU cycles.

I've got no idea where to go from here.

[0xtavian]

@absane can you show me the nmap module?

[0xtavian]

Are you seeing any errors running axiom-exec id? If so you might need to follow this temp workaround if using axiom docker (#555). If you are running Ubuntu 20.04 for your axiom controller, you dont need the temp workaround. What is your base OS?

Edit: what did you do to fix the interlace issue? thats likely the problem. Can you upload a copy of axiom-scan debug output?

axiom-scan test.txt -m nmap -sT -p- -sV -v --open -oA nmap -sC --debug --cache

Also, to use -oA you'll need to edit the nmap module

➜  ~ cat .axiom/modules/nmap.json 
[
        {
                "command":"sudo nmap -iL input -oA output/output",
                "ext":"dir"
        },
        {
                "command":"sudo nmap -iL input -oG output",
                "ext":"txt"
        },
        {
                "command":"sudo nmap -iL input -oX output",
                "ext":"xml"
        }
]
➜  ~ cat input                                        
tesla.com
microsoft.com
google.com


➜  ~ axiom-scan input -m nmap -oA test                
setting output directory to: 'test'
              _
  ____ __  __(_)___  ____ ___        ______________ _____                                                                                                                                                       
 / __ `/ |/_/ / __ \/ __ `__ \______/ ___/ ___/ __ `/ __ \                                                                                                                                                      
/ /_/ />  </ / /_/ / / / / / /_____(__  ) /__/ /_/ / / / /                                                                                                                                                      
\__,_/_/|_/_/\____/_/ /_/ /_/     /____/\___/\__,_/_/ /_/                                                                                                                                                       
                                                                                                                                                                                                                
                                    @pry0cc                                                                                                                                                                     
                                 & @0xtavian                                                                                                                                                                    
                                                                                                                                                                                                                
creating scan working directory at : /home/op/scan/nmap+1653603728/
module: [ nmap ] | module args: [  ] | input: [ 3 lines ] |
instances:  3  [ austin01 austin02 austin03 ] |                                                                                                                                                                 
command: [ sudo nmap -iL input -oA output/output ] | ext: [ dir ] | threads: [ null ]                                                                                                                           
spliting and distributing input file...                                                                                                                                                                         
[ OK ]
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-26 22:22 UTC
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-26 22:22 UTC
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-26 22:22 UTC
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 22:22 (0:00:00 remaining)
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 22:22 (0:00:00 remaining)
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 22:22 (0:00:00 remaining)
Nmap scan report for google.com (172.217.5.110)
Host is up (0.0018s latency).
Other addresses for google.com (not scanned): 2607:f8b0:4005:808::200e
rDNS record for 172.217.5.110: sfo03s07-in-f14.1e100.net
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.72 seconds
Nmap scan report for tesla.com (96.16.108.43)
Host is up (0.14s latency).
Other addresses for tesla.com (not scanned): 184.50.204.169 104.86.104.55 23.201.26.71 104.89.119.127 184.30.18.203
rDNS record for 96.16.108.43: a96-16-108-43.deploy.static.akamaitechnologies.com
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 10.26 seconds
Nmap scan report for microsoft.com (20.103.85.33)
Host is up (0.15s latency).
Other addresses for microsoft.com (not scanned): 20.84.181.62 20.112.52.29 20.53.203.50 20.81.111.85
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 10.69 seconds
austin02 scan finished
austin03 scan finished
austin01 scan finished
Mode set to directory... Merging directories...
Appending axiom-scan runtime statistics to : /home/kava/.axiom/stats.log
module: [ nmap ] | module args: [  ] | instances: [ 3 ] | targets: [ 3 targets ] | results: [ 9 results ] |
runtime: [ 00h:00m:38s ] | date: [ Thu May 26 22:22:08 UTC 2022 ] | id: [ nmap+1653603728 ] |                                                                                                                   
output: [ /home/kava/test ] | log: [ /home/kava/.axiom/logs/nmap+1653603728 ] | remote: [ /home/op/scan/nmap+1653603728 ]  |                                                                                    
command: [ sudo nmap -iL input -oA output/output ] | ext: [ dir ] | threads: [ null ]                    

➜  ~ ls test/merge 
output.gnmap  output.gnmap.~1~  output.gnmap.~2~  output.nmap  output.nmap.~1~  output.nmap.~2~  output.xml  output.xml.~1~  output.xml.~2~

[absane]

Running commands directly with axiom-exec id work just fine. So, I can manually kick off nmap that way.

Base OS for the VM I tried was Kali Linux. For the Docker, I am running that in Windows. Both give the same exact problems. Both are also using the Axiom as I did a fresh install a few hours ago.

I found the workaround to the Interlace issue I was initially having at this issue comment.

I just now edited .axiom/modules/nmap.json and I think that actually solved my problem, in combination with the Interlace work around. I am trying different scan options and they all seem to work now. When I did the --debug option, I did see an error at the bottom stating that the nmap files could not be created/accessed, which is what broke the whole thing. It's clear as to why now.

I don't know why I didn't think of it before, but also I think maybe in the past the -oA options was supported, indirectly or my memory is misleading me. Either way, it seems to work now.

Much appreciated!