• Stars
    851
  • Rank 53,558 (Top 2 %)
  • Language
    Python
  • License
    MIT License
  • Created over 5 years ago
  • Updated almost 1 year ago


Repository Details

Automatic Enumeration Tool based on Open Source tools

LEGION - Automatic Enumeration Tool

Legion is based on the Pentesting Methodology that you can find in book.hacktricks.xyz.

Legion is a tool that uses several well-known open source tools to automatically, semi-automatically or manually enumerate the services most frequently found running on machines that you may need to pentest.

Basically, the goal of Legion is to extract all the information that you can from each open network service, so you don't have to write and execute the same commands in a terminal every time you find that service. Some actions are repeated by more than one tool; this is done to make sure that all the possible information is correctly extracted.


Installation

Installation of Legion

git clone https://github.com/carlospolop/legion.git /opt/legion
cd /opt/legion/git
./install.sh
ln -s /opt/legion/legion.py /usr/bin/legion

To pentest Oracle services you have to install some dependencies manually: https://book.hacktricks.xyz/pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-pentesting-requirements-installation

Docker

For a convenient setup you can also build a container image using docker or podman by typing the following command:

docker build -t legion .

And start the container:

docker run -it legion bash

You will have a ready-to-use legion container image (to execute legion inside the container, run ./legion.py).

Or you can just pull the container image from Docker Hub with:

docker pull carlospolop/legion:latest

Protocols Supported

You can get a list using the command protos

Brute force

All the protocols included in Legion that can be brute forced can be brute forced using Legion. To see if a service can be brute forced and which command line will be used to do so (by default "hydra" is used; if hydra is not available, metasploit or nmap will be used), set the protocol and then set the intensity to "3".

Example of brute forcing ssh:

Internal Commands

Use the help internal command to get info about what each command does.

Automatic Scan

Just launch the internal command startGeneral and the 'General' will start scanning ports and services automatically.

Semi-Automatic Scan

You can set all the options properly and launch several commands to scan one service. You can do this using the command run.

Manual Scan

You can execute just one command using exec <name>. For example: exec http_slqmap

Some services have on-demand commands; these commands can only be executed using this internal command (exec).

Options

domain

Set the domain of the DNS or of the user that you want to use

extensions

Comma-separated list of possible extensions (to brute force files in a web server)

host

It is the host that you want to attack (valid IP and domains)

Example:

set host 127.0.0.1
set host some.domain.com

intensity

There are 3 intensities:

  • 1: Basic checks executed
  • 2: All checks executed (Default)
  • 3: Brute force (check for availability)

ipv6

IPv6 address of the victim; it could be useful for some commands

notuse

You can set a list (separated by commas) of commands that you don't want to use. For example, if you don't want modules from metasploit to be executed: set notuse msf.

password

Set here the password of the username you want to use.

path

Web server file path

plist

Set here the path to a list of passwords (by default LEGION has its own list)

port

The port where the service is running. If "0", then the default port of the service will be used (you can see this information using info)

proto

It is the protocol that you want to attack

Example:

set proto http

reexec

Set True if you want already executed commands to be executed again (by default it is set to False).

ulist

Set a value here if you want to brute force a list of usernames (by default LEGION has its own list of usernames)

username

Set the username of the user that you want to use/brute-force (by default, a list of users is used for brute forcing).

verbose

If True the output of the command will be displayed as soon as it ends. If False it won't.

If True the output of info will show where each parameter is used, for example:

If False the output of info will show the values of the parameters, for example:

workdir

The directory where the info of the victim is stored. By default it is $HOME/.legion

By Polop(TM)
