  • Stars
    772
  • Rank 56,791 (Top 2 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 5 years ago
  • Updated 6 months ago

Repository Details

Automatic Enumeration Tool based on Open Source tools

LEGION - Automatic Enumeration Tool

Legion is based on the Pentesting Methodology that you can find in book.hacktricks.xyz.

Legion is a tool that uses several well-known open-source tools to automatically, semi-automatically or manually enumerate the services most frequently found running on machines that you may need to pentest.

Basically, the goal of Legion is to extract all the information that you can from each open network service, so you don't have to write and execute the same commands in a terminal every time you find that service. Some actions are repeated by more than one tool; this is done to make sure that all the possible information is correctly extracted.

Installation

Installation of Legion

git clone https://github.com/carlospolop/legion.git /opt/legion
cd /opt/legion/git
./install.sh
ln -s /opt/legion/legion.py /usr/bin/legion

For pentesting Oracle services you should manually install some dependencies: https://book.hacktricks.xyz/pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-pentesting-requirements-installation

Docker

To have a nice experience with Legion you can also build a container image using docker or podman by typing the following command:

docker build -t legion .

And start the container:

docker run -it legion bash

You will have a ready-to-use Legion container image (to execute Legion inside the container, run ./legion.py).

Or you can just pull the container image from Docker Hub with:

docker pull carlospolop/legion:latest

Protocols Supported

You can get a list using the command protos

Brute force

All the protocols included in Legion that can be brute forced can be brute forced using Legion. To see if a service can be brute forced and which command line will be used to do so (by default "hydra" is used; if hydra is not available, metasploit or nmap will be used), set the protocol and then set the intensity to "3".

Example of brute forcing ssh:

Internal Commands

Use the help internal command to get info about what each command does.

Automatic Scan

Just launch the internal command startGeneral and the 'General' will start scanning ports and services automatically.

Semi-Automatic Scan

You can set all the options properly and launch several commands to scan one service. You can do this using the command run.

Manual Scan

You can execute just one command using exec <name>. For example: exec http_slqmap

Some services have on-demand commands; these commands can only be executed using this internal command (exec).

Options

domain

Set the domain of the DNS or of the user that you want to use

extensions

Comma-separated list of possible extensions (to brute force files in a web server)

host

It is the host that you want to attack (valid IP and domains)

Example:

set host 127.0.0.1
set host some.domain.com

intensity

There are 3 intensities:

  • 1: Basic checks executed
  • 2: All checks executed (Default)
  • 3: Brute force (check for availability)

ipv6

IPv6 address of the victim; could be useful for some commands

notuse

You can set a list (separated by commas) of commands that you don't want to use. For example, if you don't want modules from metasploit to be executed: set notuse msf

password

Set here the password of the username you want to use.

path

Web server file path

plist

Set here the path to a list of passwords (by default LEGION has its own list)

port

The port where the service is running. If "0", then the default port of the service will be used (you can see this information using info)

proto

It is the protocol that you want to attack

Example:

set proto http

reexec

Set to True if you want already executed commands to be executed again (by default it is set to False).

ulist

Set a value here if you want to brute force a list of usernames (by default LEGION has its own list of usernames)

username

Set the username of the user that you want to use/brute-force (by default, a list of users is used for brute-forcing).

verbose

If True the output of the command will be displayed as soon as it ends. If False it won't.

If True the output of info will show where each parameter is used, for example:

If False the output of info will show the values of the parameters, for example:

workdir

The directory where the info of the victim is stored. By default it is $HOME/.legion

By Polop(TM)
