Legion’s easy to use interface means less time manually running tools and more time analyzing data
Setup of Legion can be done a few different ways..
Getting Started with Using Legion
Using Legion’s Advanced Functions
Increasing Concurrent Processes
- By default Legion is configured to concurrently run 10 fast processes (like standard port scripts) and 10 slow processes (like NMAP staged scans) at a time. Under [GeneralSettings] in legion.conf are the variables max-fast-processes and max-slow-processes; increasing the max number of processes from 10 should increase scan speed times but at the cost of higher CPU and memory utilization.
- Additionally, please note increasing the number of concurrent running processes will make it more likely for intrusion prevention systems to detect Legion's scanning and start blocking scanning traffic.
Creating Additional Actions
- Additional actions can be configured in Legion that allow Legion to interact with outside tools. This actions are defined in the legion.conf file under the respective sections of [HostActions], [PortActions] and [PortTerminalActions].
- Host Actions: are invoked by right-clicking on a host and their tool output will be stored and displayed in Legion.
- Port Actions: are invoked by right-clicking on a port or service and their tool output will be stored and displayed in Legion.
- Port Terminal Actions: are invoked by right-clicking on a port and will spawn an external terminal window (Eg: Connect with netcat). Port Terminal Actions are ideal for launching any scripts or tools from Legion that require user interaction.
- Tool: A unique identifier, typically the name of the tool.
- Label: The text that will appear in the context menu.
- Command: The command you would type in the terminal to run the tool. Note that it must be a non-interactive command. The placeholders [IP], [PORT] and [OUTPUT] when used will be replaced at run time by the right values.
- Services: The list of nmap service names that a tool applies to. When you right-click on a port/service the tool will only appear in the context menu if the service was defined here.
- To configure a new action the following format must be used: Tool=Label, Command, Services
To configure the tool Nikto as a port action we would need to add the following line to the [PortActions] in legion.conf:
nikto=Run nikto, nikto -o [OUTPUT].txt -p [PORT] -h [IP], “http,https”
Setting up Additional Automated Port Action Schedulers
- Port Actions can be set to automatically run based on TCP/UPD services found by Legion. This is accomplished under [SchedulerSettings] in legion.conf.
- To configure a new Scheduled Port Action the following format must be used: Tool=Services, Traffic Type (TCP/UPD)
To configure the tool snmpcheck as a scheduled port action we would need to add the following line to the [SchedulerSettings] in legion.conf:
Troubleshooting and Issues
While Legion is regularly utilized by our own network penetration testing team, it is still beta and being actively developed. If you encounter any issues while using Legion be sure to let our development team known on Github Issues. Our team is regularly working on bug fixes and releasing new features. Lastly, below are some common issues and troubleshooting tips to help out.
Issue #1 – A Process (or bunch of processes) crash automatically or when manually invoking a command
- This is probably the most common issue that is seen in Legion and it's not necessarily Legion itself in most cases. In a situation where Legion goes to execute an outside script or tool (like snmpcheck) it assumes that script or tool is installed on your system. If the script or tool isn't installed then Legion will just label the process as “crashed”. The easiest way to troubleshoot and fix this issue is to look for the tool or script being called under the [PortActions] section of legion.conf, find the specific terminal command that Legion is using and manually run it in terminal yourself. In most cases you may find that simply the tool isn't installed, doing a “sudo apt-cache search [tool name]” will find the package associated to the tool.
Legion comes without warranty and is meant to be responsibly used to analyze and exploit information systems and networks you own or explicitly have permission to pentest.
GoVanguard declines all responsibility in the case the tool is used for malicious purposes or in any illegal context; and in the case the tool creates any CIA incidents for any information systems.
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed